Legislative Weekly

1. No Surprises Act (NSA) and Transparency Rules (TinC)
2. Cybersecurity, AI, & Tech 1
3. DC and Federal Update
4. The States
5. The Industry

HIGHLIGHTS: AEOB proposed rule and air ambulance reporting final rule (maybe) coming soon; Price transparency is impetus behind lawsuits; Cybersecurity mods to HIPAA Security Rule to be proposed; Bipartisan cybersecurity bill introduced in Senate; v.8020 transaction standards to be proposed and attachment standard to be finalized; TX judge rules against CMS rule on broker compensation; HHS to support cross-state provider licensure through state compacts; Private equity in healthcare remains minimal; Commercial healthcare costs expected to jump; Uninsured population expected to rise.

No Surprises Act & TinC

The gov’t expects to publish a proposed rule in March 2025 on the Advanced Explanation of Benefits (AEOB) required by the NSA, according to the recently released Unified Agenda. The Unified Agenda lists the regulations the gov’t expects to publish in the coming year.

• The announcement gave no indication or description of the possible contents of the proposed rule.
• The gov’t’s last action on the AEOB was a Request for Information published almost two years ago. 

Also in the Unified Agenda: The gov’t expects to publish a final rule in March 2025 on “the form and manner in which [payers] and providers of air ambulance services would report information regarding air ambulance services.” The title of the rule implies that it will also address “agent and broker disclosures, and provider enforcement.”

• A proposed rule was published in September 2021 which proposed that payers should submit information on each claim for air ambulance services.

TinC and other transparency laws are a major impetus for lawsuits aimed at employers and health insurers,  Bloomberg reports. In general, plaintiffs in these cases allege the defendants aren’t meeting their fiduciary duties to oversee costs. The article summarizes a range of lawsuits being brought under ERISA and the Consolidated Appropriations Act of 2021 (CAA).

Cybersecurity, AI, & Tech

Bipartisan legislation was introduced in the Senate to improve cybersecurity in healthcare. The Healthcare Cybersecurity Act (S 4697) directs the Cybersecurity and Infrastructure Security Agency (CISA) and the HHS to make resources available to certain non-federal entities – called “high risk covered assets” –  to help defend against cyberattacks. 

• Although there was talk in the Senate of creating legislation requiring industry to meet specific cybersecurity standards, the bill does not include any requirements directed at commercial healthcare payers or providers. Articles about the bill here and here.
• In a related move, Sen. Warner (D-VA)—one of the bill’s main sponsors and a cofounder of the Senate Cybersecurity Caucus—has urged HHS to end voluntary cybersecurity requirements and asked the agency to propose mandatory minimum cyber standards for the healthcare industry.  Letter here. Sen. Wyden (D-OR) sent HHS a similar letter in early June.  

As if on cue — according to the Unified Agenda — HHS plans to propose a rule that would modify the HIPAA Security Rule and the HITECH Act to improve cybersecurity “by strengthening requirements for HIPAA regulated entities” to safeguard PHI. The proposed rule is scheduled to be published December 2024. Look for requirements along the lines of what Warner and Wyden were asking for.

Costs from the Change Healthcare cyberattack are expected to reach $2.3 to $2.45 billion according to United Healthcare, more than $1 billion more than previously anticipated.

DC and Federal Update

Here’s some other (significant!) regulations that the gov’t plans to publish in the coming year, according to the most recent Unified Agenda:

• A proposed rule that would adopt an updated version of X12 standards for electronic health claims and electronic remittance advice. The proposed rule is scheduled for publication in December 2024.
• A final rule that would adopt new standards “for the health care attachment transactions and electronic signatures.” The rule would finalize a proposed rule published in December 2022 that proposed standards developed by HL7 and X12. The final rule is slated for publication in November 2024.

A Texas district court judge ruled against HHS regarding CMS’ recent final rule on broker compensation in MA plans, pausing the enforcement of the new rules.

• Plaintiffs in the case (one of three filed on the issue) argued that CMS’ final rule that capped agent and broker non-salary compensation was beyond the agency’s authority and could cost carriers one-third of total revenue. The judge agreed that compensation should not be limited.
• The case moved quickly due to approaching enrollment, and CMS is expected to give updated guidance on the issue.

HHS is awarding $2.5 million to support cross-state licensure through state compacts.

• State licensure compacts allow states who have passed compact legislation to license providers from other compact states quickly.
• The practice dramatically increased during C19 and have been popular amongst telehealth providers and national telehealth companies.

A few months ago, we reported on “unscrupulous insurance brokers” signing up thousands of Americans for ACA health plans they don’t need or switching their coverage without their consent. Now, health tech company HealthSherpa has announced it is “teaming up” with health plans in an attempt to curb these unauthorized ACA enrollment schemes.

• HealthSherpa announced its new initiative, called “Member Defense Network,” which is a “secure registry designed to prevent Unauthorized Plan Switching” in the marketplace and will stop the questionable insurance brokers from receiving commissions.

Medicare is proposing to reimburse physicians for digital mental health treatments, including apps, therapeutic software, and video games, for the first time.

• CMS proposed three new payment codes last week that would authorize providers to be reimbursed for “digital therapies” in mental health treatment, beginning in 2025.
• The first company that received FDA clearance for such digital therapy declared bankruptcy last year, citing struggles to receive insurance coverage for the treatment.

The States

A recent report by Manatt found that high-Medicaid hospitals were reimbursed up to 22% less than average hospitals in Massachusetts, Arkansas, and Virginia.  More data is expected in the coming weeks.

Meanwhile in CO, the state’s Prescription Drug Affordability Board (PDAB) has declared two more drugs “unaffordable”, in spite of a lawsuit against the state by the manufacturer of the first drug to receive the same designation.

• Take a look at what PDABs are, how they work, and what other states have them here.

The Industry

According to a new report published by PitchBook, private equity investment in healthcare providers is fairly small (4%), despite the swell of political and media attention to its role in the healthcare ecosystem.

According to a report from the Congressional Budget Office, the percentage of Americans without health insurance is expected to rise from 7.7% in 2024 to 8.9% in 2034.

• The end of C19-related Medicaid policies, enhanced subsidies on the ACA marketplace that are set to expire, as well as immigration are stated to be greatly contributing to this result.

Commercial healthcare costs are expected to jump 8% in 2025 according to a new report — its highest level in 13 years — due to high prescription costs, inflation, and behavioral health utilization.

On a similar note, the percentage of American adults who can afford and access quality health care has dropped to 55%, which is 6% lower than the reported rate in 2022.

Interested in what drugs see the biggest discounts at Mark Cuban’s Cost Plus Drugs? Take a look at the top 25 here.

• The company is also temporarily allowed to import an antibiotic experiencing a shortage from a Portuguese drug company. 

HealthLeaders argues that the answer to the healthcare workforce shortage is advanced practice providers (APPs).

• The cover story examines whether hospitals should hire APPs instead of physicians and what the pros and cons of the practice could be.

Even though federal entities such as the FTC and Dept of HHS have taken steps to curb the activity, Bloomberg reports that healthcare companies are sending private consumer data to “Big Tech” – usually via the use of web trackers. This has generated a great deal of scrutiny on the companies using the tracking software, a number of lawsuits, and other implications.

This update is solely for informational purposes and should not be relied upon as legal advice.