During this election year, McDermottPlus is actively monitoring annual regulations that federal agencies are expected to release, as well as “ad hoc” regulations that will be released at the discretion of federal agencies.
This chart displays health-related regulations that may be issued this year, organized by federal agency and date of potential release.
The Congressional Review Act (CRA) empowers Congress to act to invalidate regulations issued by federal agencies. These regulations include final rules, interim final rules and guidance documents. The CRA is most practically used by a new Congress to invalidate regulations issued by a previous administration and received within 60 legislative days of the previous Congress’ adjournment.
Should Republicans gain control of both chambers of Congress and the presidency, the 119th Congress could use the CRA to nullify certain Biden administration regulations. With federal elections looming later this year, this article reviews the CRA and how it might impact the current administration’s regulatory agenda.
A recently decided US Court of Appeals for the Ninth Circuit case, Ryan S. v. UnitedHealth Group, Inc., offers some useful insights on the enforcement by private litigants of the Mental Health Parity and Addiction Equity Act (MHPAEA). Like other similar cases, the case invites questions about the impact of potential changes under the proposed regulations issued under MHPAEA last year. Despite that the issues at this stage are procedural, the case nevertheless offers some useful insights, which this post explores.
Our previous MHPAEA content is available here.
According to the complaint, the group health plan under which Ryan S. was covered was administered by UnitedHealthcare. The plan covered outpatient, out-of-network mental health and substance use disorder (MH/SUD) benefits at 70% of covered charges and at 100% once the out-of-pocket maximum was met.
Ryan S. completed two different outpatient, out-of-network substance use disorder programs, coverage for which was denied on multiple occasion and for disparate reasons. As the complaint explains, the denials resulted from UnitedHealthcare’s use of an algorithm that assessed patients’ progress and referred cases for additional review. This additional layer of review was not applied to outpatient, out-of-network medical/surgical (M/S) claims. Ryan S. alleges that UnitedHealthcare applied a more stringent review process to benefits claims for outpatient, out-of-network MH/SUD treatment than to otherwise comparable M/S treatment. The complaint states this disparity in applicable review standards violates:
The Disposition of the Plaintiffs’ Claims
The district court had dismissed all the claims. The Ninth Circuit reversed on MHPAEA and ERISA fiduciary claims but let stand the district court’s dismissal of the claim related to plan terms.
MHPAEA requires that any limitations on “mental health or substance use disorder benefits” in an ERISA plan be “no more restrictive than the predominant treatment limitations applied to substantially all [covered] medical and surgical benefits.” Thus, said the court, to succeed, a plaintiff must show an ERISA plan that offers both M/S and MH/SUD benefits imposed a more restrictive limitation on MH/SUD treatment than limitations on treatment for M/S issues. The court then identified three situations in which such a violation might occur:
In the court’s view, the complaint raises internal process claims. As such, violations cannot be discerned with reference to the plan document. The court therefore saw no reason to disturb the district court’s dismissal of the claim relating to plan terms.
With respect to the MHPAEA and ERISA fiduciary claims, [...]
Continue Reading
The US Department of Health and Human Services Office for Civil Rights (OCR) recently reached a $4.75 million settlement with a New York City hospital for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA).
According to OCR, in 2013, a former hospital employee sold the electronically protected medical records of 12,517 patients to an identity theft group, and the NYC hospital did not detect or report the breach to OCR until 2015. OCR’s investigation found several potential HIPAA violations, and in addition to the settlement, the hospital agreed to conduct a thorough security risk assessment, revise HIPAA policies, provide additional training to staff, begin recording and tracking all electronic health record (EHR) activity to monitor who is accessing patient information, and create a risk management plan. OCR will also monitor the hospital for two years for compliance with HIPAA.
New state privacy laws regulating health data impose significant obligations and heightened litigation and regulatory risks. During this webinar, Elliot Golding and Sam Siegfried discussed how these laws apply, what they require, and practical tips to implement and operationalize compliance.
