For nearly 40 years, federal courts have routinely upheld agency action under the principle of judicial deference established in the seminal case of Chevron U.S.A. v. Natural Resources Defense Council, Inc., which requires courts to uphold an agency’s interpretation of the statute it administers if the statutory language is ambiguous, and the agency’s interpretation is reasonable. Critics have argued that federal judges have been too quick to find an ambiguity in the face of complex and often dense statutory language and rush to defer to an agency’s interpretation, secure in the knowledge that Chevron deference will provide cover for their rulings.

However, this past June the U.S. Supreme Court issued two decisions addressing the outer limits of agency power in American Hospital Association v. Becerra and West Virginia v. Environmental Protection Agency, signaling renewed judicial oversight over agency action.

In AHA v. Becerra, the Court admonished the Department of Health and Human Services (HHS) for improperly lowering drug reimbursement payments to hospitals that serve low-income communities under a program called “340B,” finding that the Medicare statute explicitly and solely permits HHS to set the reimbursement rate for hospitals for certain outpatient prescription drugs that the hospitals provide to Medicare patients using only one of two methods:

  • If HHS conducted a survey of hospitals’ acquisition costs for prescription drugs, then HHS may set the reimbursement at the average of the hospitals’ acquisition costs.
  • If HHS did not conduct a survey, then HHS is required to set reimbursement rates at the average sales price charged by manufacturers for the drugs, i.e., 106% of the drug’s average sales price, and is prohibited from varying reimbursement rates for different groups of hospitals.

Without conducting a survey, in 2018 and 2019, HHS established two separate reimbursement rates, substantially reducing the reimbursement rates for 340B hospitals to 77.5 % of the average sales price for each drug while at the same time maintaining the historical rate of 106% of the average sales price for non-340B hospitals. This resulted in a reduction in the reimbursement rates for 340B hospitals of about $1.6 billion annually. However, the Court held in AHA v. Becerra that because HHS did not conduct a survey of hospitals’ acquisition costs (as required by the express language of the Medicare statute), it acted unlawfully by reducing the reimbursement rates for 340B hospitals.

Further, in West Virginia v. EPA, the Court determined that a Congressional statute, authorizing the EPA to establish emissions caps at a level reflecting “the application of the best system of emission reduction . . . adequately demonstrated,” did not empower EPA to devise carbon emissions caps based on a generation-shifting approach, i.e., by restructuring the nation’s overall mix of electricity generation, to transition from 38% to 27% coal by 2030. By taking this generation-shifting approach, EPA broke from its 50-year history of setting performance standards under the Clean Air Act based on measures that would reduce pollution by causing plants to operate more cleanly.

Applying what is known as the “major questions doctrine,” the Court held that EPA did not have the authority under the language of the Clean Air Act to promulgate regulations that would essentially reconfigure electric energy production nationwide from coal-generated power plants to solar, wind and gas powered plants. Rather, the Court noted, such a dramatic shift in policy is a matter for Congress.

Both decisions are notable particularly because they ignore Chevron and find instead that agency authority is limited by the language and scope of the agency enabling statutes. In AHA v. Becerra, the agency’s power was clearly defined in the Medicare statute and in West Virginia v. EPA, the scope of the extraordinary power claimed by EPA for itself was not granted by Congress in any textual provision of the Clean Air Act. The upshot of these decisions is that federal agencies must be circumspect about relying on innocuous statutory language or general “catch all” provisions to justify their actions where such language or provisions do not (and were never intended to) authorize agency action.

Hospitals should vigilantly monitor HHS’s regulatory actions which adversely affect Medicare reimbursement to ensure that such actions are supported by clear Congressional authority rather than simply by an exploitive interpretation which aggrandizes HHS’s own power.

Noncompete agreements and restrictive covenants have increasingly become the subject of scrutiny, and within the healthcare sector the use of these agreements remains both highly controversial and highly litigated. Greenbaum attorneys Jessica M. Carroll and John Zen Jackson analyze these issues, including related activity on the legislative front and the potential impact of federal antitrust law, in the article “Physician Noncompetes May Get Federal Antitrust Treatment,” published by Law360 on September 20, 2022.  Read their analysis here.

On the heels of the Dobbs decision overruling Roe v. Wade, President Joe Biden directed the Secretary of Health and Human Services (HHS) to provide guidance under the Health Insurance Portability and Accountability Act (HIPAA) and other statutes to protect reproductive rights and abortion access by strengthening “the protection of sensitive information related to reproductive healthcare services” and bolstering patient-provider confidentiality under the HIPAA Privacy Rule. The Privacy Rule prohibits the use or the disclosure of an individual’s Protected Health Information (PHI) without the individual’s consent unless expressly permitted or required by the Privacy Rule.

On June 28, 2022, HHS Secretary Xavier Becerra announced a number of steps that included ensuring patient privacy for individuals seeking reproductive health care. The Office of Civil Rights (OCR) within HHS responded with guidance addressing several scenarios that included HIPAA’s exception for disclosure when “required by law.” In relevant part, OCR explained:

The Privacy Rule permits but does not require covered entities to disclose PHI about an individual, without the individual’s authorization, when such disclosure is required by another law and the disclosure complies with the requirements of the other law. This permission to disclose PHI as “required by law” is limited to “a mandate contained in law that compels an entity to make a use or disclosure of PHI and that is enforceable in a court of law.” Further, where a disclosure is required by law, the disclosure is limited to the relevant requirements of such law. Disclosures of PHI that do not meet the “required by law” definition in the HIPAA Rules, or that exceed what is required by such law, do not qualify as permissible disclosures. [Emphasis in original.]

Implicit in the guidance is that the HIPAA Privacy Rule does not prevent compelled disclosure when required by state law. The Ohio Supreme Court recognized this proposition in State ex rel. Cincinnati Enquirer v. Daniels, where it reviewed the Cincinnati Health Department’s denial of a request for records listing property owners who received notices of contamination based on blood tests received by the Department showing elevated lead levels. The Court disagreed with the Department’s refusal to produce the information based on the HIPAA Privacy Rule because the records contained PHI. Furthermore, the Court stated that “even if the records did contain protected health information, they would still be subject to release in accordance with the ‘required by law’ exception to HIPAA.” Thus, while the guidance by the federal government under HIPAA provides some additional assurances for providers and patients, it cannot ensure that PHI related to reproductive health services will not be disclosed.

Thus far, none of the states that have banned abortion in the aftermath of Dobbs have criminalized the conduct of the woman seeking the abortion. However, if  abortion were to be criminalized, an example of a disclosure that might not meet the “required by law” standard would be an emergency room staff reporting a woman presenting for care related to a miscarriage following an attempted self-induced abortion where no statute existed requiring that a report be made. Such an instance occurred in Texas and resulted in a grand jury charging a woman with murder under its “heartbeat law.” The charges, however, were eventually dropped as the Texas law explicitly exempts pregnant women who get an abortion from criminal consequences.

The enactment of “fetal personhood” abortion laws, such as that in Georgia, present a further risk that women who undergo an abortion will be prosecuted for child abuse or feticide. This places physicians in a difficult position as physicians are mandated to report child abuse in all states.

A recent article entitled “Supporting, Not Reporting – Emergency Department Ethics in a Post-Roe Era” in the September 8, 2022, issue of the New England Journal of Medicine analyzes this tension between the physician’s duty of care and confidentiality against his/her obligation to comply with legal requirements. The article’s authors reject the applicability of the mandatory child abuse paradigm in connection with a woman having undergone an abortion and find support in a footnote to the OCR guidance indicating that HIPAA exceptions regarding “reports of child abuse or neglect would not apply to disclosures of PHI relating to reproductive health care.” They further contend that “[t]he justification for breaching confidentiality to report child abuse is not punishment but prevention of harm, which doesn’t apply in abortion cases.” More specifically, they urge Emergency Department staff to be guided by ethical principles that would preclude any disclosure:

[T]he American College of Emergency Physicians’ code of ethics, which states, “Personal information may only be disclosed when such disclosure is necessary to carry out a stronger conflicting duty, such as a duty to protect an identifiable third party from serious harm or to comply with a just law.”

Mandatory reporting laws are ethically justified under the principle of non-maleficence because they prevent harm to a patient or other individuals, or under the principle of beneficence because they directly benefit patients by protecting them from specific harms. Either situation overrides the ethical principle of patient autonomy.

However, requiring mandatory reporting concerning abortions presents a circumstance of something being legal but unethical. There is guidance from the American Medical Association that “[i]n circumstances of unjust laws, ethical responsibilities should supersede legal duties.” This conundrum with the potential for civil disobedience is not unique, but is a variation on the “conscience” claim for refusing to provide abortion. Here, the ethical decision involves supporting the choice to have an abortion. The refusal to perform an abortion, as a matter of conscience, has frequently been asserted and legislatively recognized. But not performing an action required by one’s core beliefs can be just as harmful to an individual’s moral integrity. This “conscientious objection” should also be recognized.

New Jersey has already taken steps to enhance the HIPAA protection of PHI with the enactment of Bill A3975 on July 1, 2022. This new law prohibits any disclosures related to reproductive health care services that are permitted under the laws of this state without written consent of the patient or the patient’s authorized legal representative. This protection covers not only New Jersey residents but also a person who resides in a jurisdiction where abortion is illegal.

Many believe that the future of technology is artificial intelligence (AI). Everywhere we look, we see examples of AI seeping into various aspects of our lives. The complex algorithms that operate the facial recognition on our cell phones, the smart home devices that learn our preferences, the social media platforms that personalize our content, or the autonomous self-driving cars currently in development are all examples of an all-encompassing concept known collectively as AI, which comes in many forms and levels of complexity.

Not surprisingly, AI, especially machine learning-based technologies, has also become prevalent in the healthcare industry. There are many products currently on the market that help review and assess patient data to identify risk factors and possible areas of health concern. Technology is currently being used to scan x-rays, MRIs, colonoscopy video, and other imaging to help identify abnormalities. AI technology is helping to monitor in real-time vital signs and other data to perform risk assessments and detect patient needs. Healthcare providers are relying more and more each day on these advancing technologies to provide better quality and more efficient and timely care to patients.

While most recognize the significant benefits the continued advancement of AI could have on all aspects of our lives, its utilization in healthcare provides unique challenges. As of this writing, regulation of AI in the healthcare sector has been limited, with both the U.S. Food and Drug Administration publishing a set of guiding principles and the U.S. Department of Health and Human Services creating an AI Office and issuing a strategy document. Over the past several years, various Congressional Committees have also held hearings on the topic, but as of yet no formal legislation or regulatory proposals have come to fruition or appear imminent on the subject. Despite this inaction, the European Union has proposed the first of its kind regulation of AI (not just in the healthcare sector) known as the Artificial Intelligence Act and is moving toward an effective date sometime in 2024. All eyes are on the fate of this law, as it would likely be a driving force in shaping the regulation of AI not just in the European Union but in countries around the world.

In reviewing the proposed AI Act, and in considering possible legislative or regulatory action stateside, there are a number of key areas of concern that will likely be addressed and considered to ensure the safety of AI. These include:

  • Data privacy – Data is big business around the world and given the need for data to train AI systems, regulators will need to closely examine the limitations on the right of third parties to share or sell customer/patient health information that was originally shared for a different purpose. There are already laws on the books under HIPAA that preclude healthcare providers, insurance companies, and clearinghouses from selling patient information to third parties. However, HIPAA does not apply to non-covered entities. For example, when a person inputs their health information into an app on their phone, the developer of that app is not necessarily under any restrictions that would prevent it from sharing or selling the health information to other third parties.

 

  • Healthcare inequity – Healthcare inequity is a major focus in the industry right now and a priority of the current administration. AI, if not programmed properly, poses the risk of perpetuating these inequities – for example, if the algorithm is developed in such a way that there is bias built into it. Moreover, close attention must be paid to the data utilized to train the algorithm. If the data contains biases within it, then the technology will learn those same biases. And finally, if the data sets utilized to train the technology are not broad enough, then inequity can again creep into the technology.

 

  • Safety – As AI continues to evolve and advance, healthcare providers and others in the industry are likely to place greater reliance on its recommendations and conclusions. This will pose significant questions for regulators. For example, could this technology be considered the unlicensed practice of medicine? Moreover, if the technology misses a diagnosis, will insurance cover the malpractice claim? And would the healthcare provider who relied upon the technology, or the patient it was used on, have a claim against the manufacturer for the mistake?

 

  • Transparency – With our ever increasingly digital lives, communicating over the internet or generally through our phones and other devices can make it difficult to recognize when we are communicating with an artificially intelligent machine versus another person. Regulators will be looking to ensure transparency to ensure that individuals are fully on notice when it is not an actual person on the other end of the communication.

 

We cannot deny that AI technologies will only continue to advance and evolve. Given the rapid pace with which this is occurring, legislators and regulators are faced with the challenging task of trying to develop laws and regulations that can withstand the test of time. Moreover, they must balance the goals of advancement with the need to ensure that citizens are protected from possible abuses of the technology. We will continue to monitor AI-related developments impacting the healthcare sector as they inevitably occur.

The U.S. Departments of Health and Human Services, Labor, and the Treasury have issued final rules under the No Surprises Act, largely addressing the Independent Dispute Resolution process and downcoding.

As we previously reported, the U.S. District Court for the Eastern District of Texas issued a ruling that certain Centers for Medicare & Medicaid Services interim rules conflict with the federal No Surprises Act and must be set aside under the Administrative Procedure Act. The Court took particular issue with the rule that an Independent Dispute Resolution (IDR) entity must ordinarily select the offer closest to “the qualifying payment amount” (QPA), typically the median rate the insurer would have paid for the service if provided by an in-network provider or facility.

Following that ruling, HHS published “Federal Independent Dispute Resolution (IDR) Process Guidance for IDR Entities” dated April 2022. That guidance required IDR entities to consider the QPA and information that providers and plans submit during the IDR process. It does not establish the QPA as the presumptive appropriate amount.

Recently, on August 19, 2022, the Departments issued “Requirements Related to Surprise Billing: Final Rules.” The rules finalize requirements related to information that group health plans and health insurance issuers offering group or individual health insurance coverage must share about the QPA, and in consideration of the emerging caselaw.

Independent Dispute Resolution

The final rules further clarify the October 2021 interim final rules requiring IDR entities to select the offer closest to the QPA, unless the IDR entity determined that any additional credible information submitted by the parties demonstrated that the QPA was materially different from the appropriate out-of-network rate. The final rules specify that IDR entities should select the offer that best represents the value of the item or service under dispute after considering the QPA and all permissible information submitted by the parties. In performing this review, IDR entities are to evaluate whether the information provided relates to the payment amount offer submitted by either party, and whether the additional information is credible. The IDR entity should also evaluate the information to avoid double counting information that is already accounted for by the QPA or by any of the other information submitted by the parties.

The final rules also finalize provisions of the October 2021 interim final rules requiring IDR entities to explain their payment determinations and underlying rationale in a written decision submitted to the parties and the Departments. The final rules require that the written decision include an explanation of the information that the IDR entity determined as demonstrating that the selected offer is the rate for out-of-network services that best represents the value of the item or service. This includes the weight given to the QPA and any additional credible information regarding the relevant factors.

If the IDR entity relies on additional information or circumstances when selecting an offer, the final rules state that its written decision must include an explanation of why the IDR entity concluded the information was not already reflected in the QPA.

Downcoding

The final rules also clarify requirements for “downcoded” claims, to include information necessary to engage in meaningful negotiations. Previous interim rules described the practice and explained that it was permissible under certain circumstances, but without defining the term. The final rules define downcoding to mean the alteration by a plan or issuer of the service code to another service code or the alteration, addition, or removal by a plan or issuer of a modifier, if the changed code or modifier is associated with a lower QPA than the service code or modifier billed by the provider. Payers are required to:

  • Notify providers when downcoding occurs, including notification that the service code or modifier was downcoded;
  • Explain why their claim was downcoded; and
  • Provide the amount that would have been the QPA had the downcoding or modifier not been downcoded.

With ongoing challenges to the No Surprises Act, providers should continue to monitor changes to this law as it continues to take shape through new rules and additional guidance. We will keep you advised accordingly.

In response to the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization and the resulting laws enacted in several states to prohibit abortions, New Jersey has passed new laws designed to protect individuals who visit New Jersey seeking reproductive healthcare services, in addition to the medical providers who provide them with care in New Jersey. These laws, however, do not change anything in New Jersey with respect to a woman’s right to abortion. Patients in New Jersey have, and continue to have, a right to in-clinic or medication abortions, without waiting periods, regardless of gestational age, and without parental notification if the patient is a minor.

Following the Court’s decision, and in anticipation of an increase in the number of out-of-state pregnant women traveling to New Jersey for abortion services, Governor Phil Murphy signed two bills on July 1, 2022 (A-3975/S-2633 and A-3974/S-2642) to shield these patients, along with New Jersey residents and medical providers, from lawsuits and other interventions from those states where abortion is now illegal. Part of the intent of these new laws is to ensure that the personal health information (PHI) of patients receiving comprehensive reproductive healthcare services in New Jersey, including abortion care, will be kept private, and to prevent PHI from being utilized by other states to investigate and prosecute individuals. New Jersey’s efforts are in furtherance, and consistent with, the continued efforts of the Office of Civil Rights (OCR) to administer and enforce the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to prohibit healthcare entities from using or disclosing PHI absent an authorization from the patient.

What remains to be seen is how certain HIPAA exceptions, such as those for law enforcement purposes, will impact the protections of HIPAA. Governor Murphy’s nondisclosure bills attempt to address these concerns and will prohibit medical providers from disclosing certain information and/or communications about a patient’s reproductive healthcare services without the patient’s written consent in civil actions and other judicial proceedings. Likewise, public entities in New Jersey are forbidden from providing or using PHI in furtherance of any interstate investigation and/or proceeding that seeks to impose civil or criminal liability in connection with reproductive healthcare services on any person or entity.

Additionally, under the new laws, New Jersey licensing boards may not suspend, revoke, or decline to renew any license or registration of a medical provider based solely on the medical provider’s involvement in abortion-related services for a patient residing in a jurisdiction where abortion is illegal. Said differently, healthcare providers are protected from losing their professional licenses and/or registrations if they perform an abortion within New Jersey.

The bills also prohibit extradition of patients who travel to New Jersey for an abortion, along with patients who reside in New Jersey, in addition to the medical providers, for purported crimes relating to reproductive healthcare services that are unlawful in the outside state.

Further, New Jersey’s key law enforcement officials have taken a united position to share intelligence about threats to medical facilities and providers. They will also actively enforce the Freedom of Access to Clinic Entrances Act, a federal law prohibiting threats, force, obstruction, and property damage intended to interfere with reproductive healthcare services. Significantly, the New jersey Division of Consumer Affairs has vowed to protect the privacy of patients both within and outside of the state so that their private data will not be misused to target them.

As a result of these two new bills and the commitment of New Jersey’s law enforcement, New Jersey has established itself as a safe haven for women seeking reproductive healthcare services and the medical providers caring for them.

As we reported recently in a Client Alert, the Supreme Court of New Jersey’s recent decision in Rivera v. The Valley Hospital, Inc. aligned with prior case law in confirming that punitive damages in medical malpractice actions are only available in “exceptional cases.” Although the Rivera decision does not immunize medical defendants from claims for punitive damages, it reinforces the trial bench’s obligation to rigorously apply the standards for clear and convincing evidence of willful and wanton conduct, as our analysis of the ruling explains. We also proudly note that Greenbaum attorney John Zen Jackson acted as amicus counsel for the Medical Society of New Jersey and the American Medical Association, which submitted amici briefs in support of the defense in this matter.

On August 12, 2022, the U.S. District Court for the District of Minnesota entered an order in favor of Travelers Casualty and Surety Company of America, dismissing the complaint filed by SJ Computers, LLC, a Minnesota-based computer store. The case should serve as a cautionary tale to businesses across the country, underscoring the critical need to closely read the terms of any cyber insurance policies.

SJ Computers found itself the victim of a business email compromise attack when an attacker gained access to a purchase manager’s email account and sent the company’s CEO purchase orders, purportedly from one of SJ Computers’ existing vendors, Electronic Recyclers International Direct – with the bank account information edited. The CEO, without verifying the new bank information, sent two wire transfers to satisfy the invoices. After the payments had cleared, SJ Computers discovered the fraud and subsequently attempted to seek coverage under its cyber insurance policy by claiming that the attack was computer fraud rather than social engineering fraud because of the increased limits of coverage.

While acknowledging that lawyers had only identified three similar cases across the country, the judge identified a key distinction from those cases in this matter. The policy at issue here covers both computer fraud and social engineering fraud and makes clear that the two are mutually exclusive categories. The Travelers’ policy defines computer fraud, which provides coverage up to $1 million, “as intentional, unauthorized, and fraudulent entry or change of data or computer instructions directly into a computer system.” Moreover, the policy states that entries or changes made by employees or authorized persons on the basis of fraudulent instructions is not covered. Instead, such actions constitute social engineering fraud (which is what Travelers agreed to cover SJ Computers under) and is defined in the policy as “the intentional misleading of an employee or authorized person by a natural person impersonating [vendors, clients, employees or authorized persons] through the use of a communication.” Unfortunately for SJ Computers, this provision only provides coverage up to $100,000.

Based on the policy language, the court held that the claim was covered under the social engineering fraud provision, rather than the computer fraud provision. In a comment that underscores the important role individuals play in protecting a company, the judge stated:

“SJ Computers did not suffer a penny of financial loss when the bad actor hit ‘send’ on his email messages. And SJ Computers would never have suffered a penny of financial loss if the CEO had not opened those email messages, or if the CEO had asked the purchasing manager about them, or if ERI Direct had answered its phone when the CEO called, or if ERI Direct had promptly returned the voicemail message left by the CEO, or if the CEO had waited to hear from ERI Direct before paying the invoices.”

All businesses with cyber insurance should carefully review their policies and consult with legal counsel and their brokers to fully understand the scope and limitations of what they are purchasing. In today’s world of ever changing ways in which computers and other technology are being utilized to carry out attacks on businesses by bad actors, the circumstances surrounding the attacks and the language in these policies becomes even more critical to ensure that organizations are properly insured for losses. Moreover, as occurred here, efforts to keep employees ever vigilant in their efforts to identify and act on any suspicious information they encounter is paramount to keeping an organization safe.

On August 18, 2022, in the wake of the uncertainty visited upon the healthcare industry by the pandemic, New Jersey Governor Phil Murphy signed into law new legislation protecting employees during the transfer in ownership of healthcare entities. The new law prohibits employers from terminating employees absorbed through a consolidation, merger, reorganization, etc., during a four-month transition period absent cause – including without limitation, downsizing.  An “employee” is defined as any hourly, non-exempt, and non-managerial worker. A “healthcare entity” is defined broadly to include healthcare facilities, staffing registries, and home care service agencies.

Healthcare entities are further required to take the following action:

  • Post notifications to employees of their rights under the new law during the four-month transition period.
  • Honor the provisions of any unexpired collective bargaining agreement in force at the time of the transfer in ownership and for up to such time as it expires or six months after the transfer, whichever is later.
  • Retain all existing non-union employee wages and benefits for the duration of the transition period and for up to six months after the transfer in ownership.
  • Offer available employment positions to eligible employees that previously held those positions based upon seniority, or until no additional positions are available.
  • Conduct a written performance evaluation at the end of the four-month transition period of each employee retained and offer to keep that employee on board if his/her performance is deemed satisfactory.
  • Retain and present upon request to any employee (or representative) written records of each offer of employment/evaluation for not less then three years from the date of the offer/evaluation.

A healthcare entity that runs afoul of the provisions of the new law risks significant potential liability. Indeed, the legislation provides a private cause of action to employees aggrieved by any of its provisions along with remedies that include, without limitation, payment of lost wages and benefits (including liquidated damages), injunctive relief (e.g., reinstatement), and reasonable attorneys’ fees. For this reason, the new law’s requirements will no doubt have a long term and significant impact on the consideration and terms of any future transfers in ownership of healthcare entities in New Jersey post-pandemic.

The U.S. Department of Health and Human Services (HHS) recently announced a proposed rule to strengthen nondiscrimination in healthcare by advancing health equity and reducing disparity.  Entitled “Nondiscrimination in Health Programs and Activities,” the proposed rule revises Section 1557 of the Affordable Care Act (ACA) and also includes proposals to provisions in the nondiscrimination regulations from the Centers for Medicare & Medicaid Services (CMS).

The proposed rule underscores that healthcare should be a right and not dependent on looks, location, love, language, or the type of care needed. Accordingly, the proposed rule codifies protections against discrimination based on sex, including sexual orientation and gender identity, as set forth in Bostock v. Clayton, in which the U.S. Supreme Court held that it is unlawful to discriminate against an individual because of the individual’s sexual orientation or gender identity.  While restating protections provided in Section 1557 of the ACA, it also promotes congressional intent, and legal precedent, along with the Biden-Harris Administration’s priority of advancing gender identity and sexual orientation, reproductive healthcare services and racial equity and support for underserved communities through President Biden’s executive orders.

The ACA is one of the federal government’s most powerful tools for ensuring nondiscriminatory access to healthcare. It prohibits discrimination based on race, color, national origin, sex, age, and disabilities related to certain healthcare programs and activities. By strengthening the provisions of Section 1557, the proposed rule seeks to further protect the civil rights of those who access or seek access to healthcare programs or activities by eliminating avoidable differences in health outcomes for those who are underserved. The proposed rule also seeks to provide the care and support that those who are unheard need to survive.

To advance these protections, the proposed rule seeks to address gaps identified in prior regulations. This will include:

  • Reinstating the scope of Section 1557 to cover HHS’ health programs and activities;
  • Clarifying the application of Section 1557 nondiscrimination requirements to health insurance companies that receive federal financial assistance;
  • Aligning regulatory requirements with federal court opinions that prohibit discrimination based on sex, which includes sexual orientation and gender identity;
  • Clarifying that discrimination based on sex includes discrimination based on pregnancy or related conditions, such as “pregnancy termination”;
  • Requiring civil rights policies and procedures for entities receiving federal funding to ensure requirements preventing and combating discrimination are operationalized;
  • Requiring entities to provide staff training on language assistance services for persons with limited English proficiency (LEP), along with effective communication and reasonable modifications to policies and procedures for people with disabilities;
  • Requiring covered entities to provide a notice of nondiscrimination, along with a notice of the availability of language assistance services and auxiliary aids and services;
  • Explicitly prohibiting discrimination when using clinical algorithms to support decision-making in covered health programs and activities;
  • Clarifying that health programs and activities offered via telehealth, which must be accessible to LEP individuals and individuals with disabilities, are subject to nondiscrimination requirements;
  • Interpreting Medicare Part B as federal financial assistance; and
  • Refining and strengthening how conscience and religious freedom objections are raised.

Significantly, the proposed rule also reiterates protections from discrimination for people seeking reproductive health care services.  Thus, with this proposed rule, HHS is clearly attempting to push back against the increased attacks on women, transgender youth, and the healthcare providers treating them in an attempt to fill various identified gaps in the law to better ensure that people across the country can access healthcare without discrimination.

Healthcare providers should take note of the HHS’ proposed rule, as it will have numerous impacts on the everyday provision of care to the patients they serve and the means by which that care is delivered.