Healthcare providers, payors, and other healthcare organizations should be aware of a recently announced, “first-of-its-kind” settlement between the Texas attorney general and a healthcare generative artificial intelligence (AI) company resolving allegations that the company made a series of false and misleading statements about the accuracy and safety of its AI products. The settlement highlights the potential for enforcement against companies that utilize AI in a healthcare setting under existing laws that are not specific to AI and the importance of exercising caution in developing claims about an AI product’s efficacy or performance.
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, on June 20, 2024, the US District Court for the Northern District of Texas ruled that the US Department of Health and Human Services Office for Civil Rights exceeded its authority in certain respects in sub-regulatory guidance. The guidance concerned HIPAA’s application to cookies and other online tracking technologies on HIPAA-regulated entities’ unauthenticated webpages.
In California, pending Assembly Bill 3129 could severely limit the ability of digital health companies to grow and operate in the state by prohibiting arrangements between physician, psychiatric, and dental practices and any entity that furnishes business or management services to providers that accept investments from private equity groups and hedge funds. The legislation’s current definition of private equity is arguably broad enough to capture venture capital funds, angel investors, family offices and even the innovation or investment arms of academic and nonprofit medical centers. Digital health companies based in California that provide benefits services should closely monitor the potential impact of this proposed legislation on their businesses.
In this “Trending in Telehealth” installment, Amanda Enyeart and Jay Hyun Lee of McDermott’s Healthcare Group highlight a new Pennsylvania law that requires health insurance coverage for telehealth and in-home program services for pregnant and postpartum women.
One year on from the end of the COVID-19 public health emergency, the Medicare restrictions on telehealth that Congress waived to allow for and expand the use of telehealth and other forms of virtual care are set to expire. Congress has already acted twice to extend the waivers, most recently in the Consolidated Appropriations Act, 2023, which extended them until the end of this calendar year. Thus, starting on January 1, 2025, these waivers will disappear without further Congressional action. The uncertainty about whether Congress will again extend the telehealth waivers (and for how long) will create numerous questions and cause confusion for health plans, patients and providers.
On April 26, 2024, the Federal Trade Commission (FTC) issued a final rule to amend its Health Breach Notification Rule (HBN Rule). The HBN Rule works as a complement and counterpart to the breach notification requirements established under the Health Insurance Portability and Accountability Act (HIPAA) for HIPAA-regulated entities. Specifically, the HBN Rule requires that vendors of personal health records (PHRs) and related entities that are not covered by HIPAA notify individuals, the FTC and, in some cases, media outlets of a breach of unsecured personally identifiable health data. Stakeholders should carefully review the final rule to understand how organizations will be impacted.
In December 2023, the National Association of Insurance Commissioners (NAIC) adopted a Model Bulletin on the Use of Artificial Intelligence (AI) Systems by Insurers. The model bulletin reminds insurance carriers that they must comply with all applicable insurance laws and regulations (e.g., prohibitions against unfair trade practices) when making decisions that impact consumers, including when those decisions are made or supported by advanced technologies, such as AI systems. To date, 11 states have adopted the model bulletin, thereby applying the standards to insurers that operate in the states.
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” In releasing the 2024 update, OCR stated that its purpose was to “increase clarity for regulated entities and the public.” While the update appears to narrow the scope of what OCR considers to be HIPAA-protected health information (PHI) in the context of online tracking technologies, it largely reconfirms prior guidance in the 2022 bulletin and will likely have limited practical impact for HIPAA-covered entities and business associates that have already heeded the 2022 bulletin.
What are the major risks and rewards of artificial intelligence’s healthcare transformation? In this AHLA podcast episode, Alya Sulaiman offers insight into how healthcare organizations should manage AI governance and examines related legislative and regulatory issues.
Multiple states – including Mississippi, New Jersey and Virginia – have been busy finalizing legislation and rulemaking to adopt interstate compacts and expand behavioral health access.
What else have these states been up to in recent weeks?