House Oversight and Accountability Select Subcommittee on the Coronavirus Pandemic Holds Hearing with Anthony Fauci, MD. This hearing marked Fauci’s first public testimony since his retirement. Fauci fielded several tough questions from committee Republicans while reiterating his commitment to impartially examining the facts regarding the origins of COVID-19. Fauci explained the challenges in achieving herd immunity for COVID-19 due to mutations and short immunity duration, clarifying that vaccine mandates were a collective decision among agencies. The discussion highlighted the lasting academic and mental health effects of the COVID-19 pandemic and the need for tailored public health measures. Members from both parties emphasized the importance of clear communication from public health officials and the need for oversight to prevent potential wrongdoing and ensure trustworthiness in health institutions.
House Energy & Commerce Oversight and Investigations Subcommittee Holds Hearing on 340B. During the hearing, members and witnesses agreed that the 340B drug discount program is vital for providers serving underserved populations and should continue. They also agreed that patients must be prioritized. Democrats raised concerns about the lack of pharmaceutical company representation on the panel when significant policy and legal concerns relate to such companies limiting access to 340B pricing today. Several Republicans focused on recently introduced legislation (HR 8574) to significantly alter the 340B program. There was discussion of potential reforms to the program and whether those would help increase transparency and ensure that the program benefits underserved patients. The reform discussion included particular focus on whether an updated “patient definition” would be of value. However, there was no consensus on any of the reform discussion.
Senate Homeland Security & Governmental Affairs Committee Holds Hearing on Cybersecurity. During the hearing, members heard from the Office of the National Cyber Director and the US Government Accountability Office. Some members expressed frustration regarding the most recent Change Healthcare cyberattack, noting the major disruptive impact it had across the US health system. The hearing cited the importance of harmonization when critical infrastructure sectors are subject to multiple cybersecurity regulations and noted that without harmonization adverse impacts can occur.
In related news, Senate Finance Committee Chairman Ron Wyden (D-OR) sent a letter to US Department of Health and Human Services (HHS) Secretary Xavier Becerra urging HHS to take immediate enforceable steps to require healthcare companies to improve their cybersecurity practices. Chairman Wyden urged HHS to:
HHS currently suggests, but does not require of healthcare entities, certain cybersecurity performance goals. HHS has announced that it is developing new regulations that could include provisions for cybersecurity requirements: a Health Insurance Portability and Accountability (HIPAA) security rule and a healthcare system resiliency and modernization rule.
Senate HELP Committee Holds Hearing on Reproductive Healthcare. The hearing highlighted how overturning Roe v. Wade has led to inconsistencies in how states manage reproductive rights and protections for abortion. It also emphasized how these inconsistencies have resulted in negative health outcomes for patients, since individuals must now travel to receive care that they could previously access locally. Many Democrats aligned with pro-choice views, advocating for contraceptive and reproductive health protections for abortion rights. Many Republicans supported abortion restrictions, citing the concept of fetal personhood. The hearing demonstrated a concern about healthcare providers leaving states with restrictive abortion laws. Reproductive health experts may hesitate to practice in the areas where they are most needed because of fears of facing legal repercussions for providing abortion care.
HHS Clarifies Notification Requirements in Wake of Change Healthcare Cybersecurity Attack. Following advocacy from several stakeholders, the HHS Office of Civil Rights (OCR) revised its frequently asked questions document (FAQs) regarding the Change Healthcare cybersecurity attack to clarify that physicians, hospitals and other providers may defer to United Healthcare Group (UHG) to inform patients about any breaches to their protected health information (PHI).
Under HIPAA, covered entities (e.g., providers, insurers) have up to 60 calendar days from the date of discovery of a breach of unsecured PHI to file breach reports with HHS. Covered entities that discover a breach also must notify affected individuals “without unreasonable delay.”
In the newly issued FAQs (FAQs 6 and 7), OCR states that UHG has not yet declared an official breach notification at this time. OCR also points to FAQs released by UHG that state: “to help ease reporting obligations on other stakeholders whose data may have been compromised as part of this cyberattack, UnitedHealth Group has offered to make notifications and undertake related administrative requirements on behalf of any provider or customer.”
While OCR is trying to make it clear that physicians, hospitals and other providers do not have to take any action at this time to fulfill their legal obligations under HIPAA, it is important to note that other federal or state laws governing data breaches may still need to be considered.
CMS Hosts Health Equity Conference. Last week, the Centers for Medicare & Medicaid Services (CMS) held the second annual CMS Health Equity Conference. The event was hosted by CMS’s Office of Minority Health. During the conference, CMS Administrator Chiquita Brooks-LaSure highlighted the progress made in this administration toward advancing equity and touted several health equity regulatory actions, including the recent Ensuring Access to Medicaid Services final rule. The conference also included discussion on maternal health, especially the need to integrate mental health services into maternal healthcare. The conference also highlighted the need to expand access to telehealth services for the treatment of individuals with disabilities. The discussions from the conference made clear that while there has been progress in advancing health equity, there still remains much more work to be done to reduce disparities in health outcomes. Read more about the conference at our Regs & Eggs blog.
Administration Adds 10 New States to CCBHC Medicaid Demonstration Program. HHS, through CMS in partnership with the Substance Abuse and Mental Health Services Administration, welcomed 10 new states into the Certified Community Behavioral Health Clinic (CCBHC) Medicaid Demonstration Program. The new states are Alabama, Illinois, Indiana, Iowa, Kansas, Maine, New Hampshire, New Mexico, Rhode Island and Vermont, joining the eight states already participating in the demo – Michigan, Missouri, Kentucky, Nevada, New Jersey, New York, Oklahoma and Oregon.
The CCBHC program provides these states with funding to help them expand access to mental health and substance use services. CCBHCs are required to ensure access to a comprehensive range of services, including crisis services that are available 24 hours a day, seven days a week. CCBHCs are also required to provide routine outpatient care within 10 business days.
Congress will be in session next week, with healthcare activity at the committee level, likely including a markup in the House Energy & Commerce Committee and a hearing with the CMS Innovation Center.
For more information, contact Debra Curtis, Kristen O’Brien, Julia Grabo, Priya Rathakrishnan or Erica Stocker.
To subscribe to the McDermottPlus Check-Up, please CLICK HERE.
