THIS WEEK’S DOSE

• House Oversight Subcommittee Hearing with Fauci. The hearing aimed to gather more information on the response to the COVID-19 pandemic by Anthony Fauci, MD, former National Institute of Allergy and Infectious Diseases director.
• House Energy & Commerce Oversight and Investigations Subcommittee Hearing on 340B. The hearing explored how the 340B program currently works and whether it aligns with its intended functions.
• Senate Homeland Security & Governmental Affairs Committee Hearing on Cybersecurity. The hearing examined the regulatory landscape for cybersecurity and the need for harmonization.
• Senate HELP Committee Hearing on Reproductive Healthcare. The hearing assessed how the Dobbs decision has impacted women, physicians and the overall reproductive healthcare landscape.
• HHS Clarifies Notification Requirements in Wake of Change Healthcare Cybersecurity Attack. The Office of Civil Rights released a revised frequently asked questions document clarifying that stakeholders could defer to United Healthcare Group to inform patients about breaches to their protected health information.
• CMS Health Equity Conference. The conference discussed advancing health equity, including through improving access to maternal health and telehealth.
• 10 New States in CCBHC Medicaid Demonstration Program. The program provides these states with funding to expand access to mental health and substance use services.

CONGRESS

House Oversight and Accountability Select Subcommittee on the Coronavirus Pandemic Holds Hearing with Anthony Fauci, MD. This hearing marked Fauci’s first public testimony since his retirement. Fauci fielded several tough questions from committee Republicans while reiterating his commitment to impartially examining the facts regarding the origins of COVID-19. Fauci explained the challenges in achieving herd immunity for COVID-19 due to mutations and short immunity duration, clarifying that vaccine mandates were a collective decision among agencies. The discussion highlighted the lasting academic and mental health effects of the COVID-19 pandemic and the need for tailored public health measures. Members from both parties emphasized the importance of clear communication from public health officials and the need for oversight to prevent potential wrongdoing and ensure trustworthiness in health institutions.

House Energy & Commerce Oversight and Investigations Subcommittee Holds Hearing on 340B. During the hearing, members and witnesses agreed that the 340B drug discount program is vital for providers serving underserved populations and should continue. They also agreed that patients must be prioritized. Democrats raised concerns about the lack of pharmaceutical company representation on the panel when significant policy and legal concerns relate to such companies limiting access to 340B pricing today. Several Republicans focused on recently introduced legislation (HR 8574) to significantly alter the 340B program. There was discussion of potential reforms to the program and whether those would help increase transparency and ensure that the program benefits underserved patients. The reform discussion included particular focus on whether an updated “patient definition” would be of value. However, there was no consensus on any of the reform discussion.

Senate Homeland Security & Governmental Affairs Committee Holds Hearing on Cybersecurity. During the hearing, members heard from the Office of the National Cyber Director and the US Government Accountability Office. Some members expressed frustration regarding the most recent Change Healthcare cyberattack, noting the major disruptive impact it had across the US health system. The hearing cited the importance of harmonization when critical infrastructure sectors are subject to multiple cybersecurity regulations and noted that without harmonization adverse impacts can occur.

In related news, Senate Finance Committee Chairman Ron Wyden (D-OR) sent a letter to US Department of Health and Human Services (HHS) Secretary Xavier Becerra urging HHS to take immediate enforceable steps to require healthcare companies to improve their cybersecurity practices. Chairman Wyden urged HHS to:

• Require minimum, mandatory technical cybersecurity standards for systemically important entities, including clearinghouses and large health systems;
• Require such entities to meet resiliency requirements, such as being able to rebuild their infrastructure from scratch within 48 to 72 hours;
• Conduct periodic cybersecurity audits of covered entities and business associates; and
• Provide technical assistance on cybersecurity to healthcare providers.

HHS currently suggests, but does not require of healthcare entities, certain cybersecurity performance goals. HHS has announced that it is developing new regulations that could include provisions for cybersecurity requirements: a Health Insurance Portability and Accountability (HIPAA) security rule and a healthcare system resiliency and modernization rule.

Senate HELP Committee Holds Hearing on Reproductive Healthcare. The hearing highlighted how overturning Roe v. Wade has led to inconsistencies in how states manage reproductive rights and protections for abortion. It also emphasized how these inconsistencies have resulted in negative health outcomes for patients, since individuals must now travel to receive care that they could previously access locally. Many Democrats aligned with pro-choice views, advocating for contraceptive and reproductive health protections for abortion rights. Many Republicans supported abortion restrictions, citing the concept of fetal personhood. The hearing demonstrated a concern about healthcare providers leaving states with restrictive abortion laws. Reproductive health experts may hesitate to practice in the areas where they are most needed because of fears of facing legal repercussions for providing abortion care.

ADMINISTRATION

HHS Clarifies Notification Requirements in Wake of Change Healthcare Cybersecurity Attack. Following advocacy from several stakeholders, the HHS Office of Civil Rights (OCR) revised its frequently asked questions document (FAQs) regarding the Change Healthcare cybersecurity attack to clarify that physicians, hospitals and other providers may defer to United Healthcare Group (UHG) to inform patients about any breaches to their protected health information (PHI).

Under HIPAA, covered entities (e.g., providers, insurers) have up to 60 calendar days from the date of discovery of a breach of unsecured PHI to file breach reports with HHS. Covered entities that discover a breach also must notify affected individuals “without unreasonable delay.”

In the newly issued FAQs (FAQs 6 and 7), OCR states that UHG has not yet declared an official breach notification at this time. OCR also points to FAQs released by UHG that state: “to help ease reporting obligations on other stakeholders whose data may have been compromised as part of this cyberattack, UnitedHealth Group has offered to make notifications and undertake related administrative requirements on behalf of any provider or customer.”

While OCR is trying to make it clear that physicians, hospitals and other providers do not have to take any action at this time to fulfill their legal obligations under HIPAA, it is important to note that other federal or state laws governing data breaches may still need to be considered.

CMS Hosts Health Equity Conference. Last week, the Centers for Medicare & Medicaid Services (CMS) held the second annual CMS Health Equity Conference. The event was hosted by CMS’s Office of Minority Health. During the conference, CMS Administrator Chiquita Brooks-LaSure highlighted the progress made in this administration toward advancing equity and touted several health equity regulatory actions, including the recent Ensuring Access to Medicaid Services final rule. The conference also included discussion on maternal health, especially the need to integrate mental health services into maternal healthcare. The conference also highlighted the need to expand access to telehealth services for the treatment of individuals with disabilities. The discussions from the conference made clear that while there has been progress in advancing health equity, there still remains much more work to be done to reduce disparities in health outcomes. Read more about the conference at our Regs & Eggs blog.

Administration Adds 10 New States to CCBHC Medicaid Demonstration Program. HHS, through CMS in partnership with the Substance Abuse and Mental Health Services Administration, welcomed 10 new states into the Certified Community Behavioral Health Clinic (CCBHC) Medicaid Demonstration Program. The new states are Alabama, Illinois, Indiana, Iowa, Kansas, Maine, New Hampshire, New Mexico, Rhode Island and Vermont, joining the eight states already participating in the demo – Michigan, Missouri, Kentucky, Nevada, New Jersey, New York, Oklahoma and Oregon.

The CCBHC program provides these states with funding to help them expand access to mental health and substance use services. CCBHCs are required to ensure access to a comprehensive range of services, including crisis services that are available 24 hours a day, seven days a week. CCBHCs are also required to provide routine outpatient care within 10 business days.

QUICK HITS

• Reps. Pallone (D-NJ) and Nadler (D-NY) Send Letter to Administration on Private Equity. House Energy & Commerce Committee Ranking Member Pallone and House Judiciary Committee Ranking Member Nadler sent the letter to HHS, the US Department of Justice, and the Federal Trade Commission. The letter commends the Administration for opening a public inquiry into how private equity and corporate greed has affected Americans’ health care. The letter also highlights key concerns about private equity’s growing role in the healthcare system and notes the recent congressional oversight and inquiry efforts into private equity’s impact on health.
• CMS Issues FAQs on Medicaid and CHIP Coverage of Peer Support Services. The document provides clarifications regarding previously established policy on Medicaid and Children’s Health Insurance Program (CHIP) coverage of peer support services outlined in the State Medicaid Director letter on this topic. CMS encourages states to expand availability and utilization of peer support services to adults, youth and families who experience mental health conditions and/or substance use disorders, including by allowing coverage of peer support services in emergency room and inpatient settings.
• HHS Releases Strategic Framework for National Plan on Aging. The report outlines a coordinated effort across the private and public sectors and in partnership with older adults, family caregivers, the aging services network and other stakeholders to create a national set of recommendations for advancing healthy aging and age-friendly communities that value and truly include older adults. Read the HHS press release here.
• HRSA Announces New Investments in Rural Maternal Health. The Health Resources and Services Administration (HRSA) announced an investment of $15 million over four years through the Rural Maternity and Obstetrics Management Strategies Program to improve maternal health in rural communities. The investment also supports a new program focused on strengthening maternal care and reducing disparities in the Delta region (within Alabama, Arkansas, Illinois, Kentucky, Louisiana, Mississippi, Missouri and Tennessee).

NEXT WEEK’S DIAGNOSIS

Congress will be in session next week, with healthcare activity at the committee level, likely including a markup in the House Energy & Commerce Committee and a hearing with the CMS Innovation Center.