Skip to Main Content

January 2022  Volume 3Issue 1
Health Law Connections

Top Ten Issues in Health Law 2022

  • January 01, 2022
  • Lisa A. Lucido , Hall Render Killian Heath & Lyman PC
  • Benjamin C. Fee , Hall Render Killian Heath & Lyman PC
  • Lisl Dunlop , Axinn Veltrop & Harkrider LLP
  • Jody Rudman , Husch Blackwell LLP
  • Shalyn Smith McKitt , Balch & Bingham LLP
  • Nathan A. Kottkamp , Williams Mullen
  • Tiffany Buckley-Norwood , Trinity Health Corporation
  • Michael Herald , Guardian Healthcare
  • Sarah Swank , Nixon Peabody LLP
  • Purvi Badiani Maniar , Norton Rose Fulbright
  • Tiana Korley , University of Michigan Office of the General Counsel
  • Robin Locke Nagele , Post & Schell PC
Top Ten Issues in Health Law Article Image

1. Full Disclosure—Surprise Billing and Hospital Price Transparency in 2022

Lisa A. Lucido and Benjamin C. Fee, Hall Render Killian Heath & Lyman PC

+Listen to Episode 1

In an effort to promote greater transparency for consumers in health care, Congress, the Department of Health and Human Services (HHS), the Centers for Medicare & Medicaid Services (CMS), and several states have implemented laws and regulations related to price transparency and surprise billing.

Surprise Billing. After years of debating a federal solution to end surprise medical bills, on December 22, 2020, Congress passed the No Surprises Act (Act). At a high level, the Act prohibits balance billing for: (1) emergency services provided by an out-of-network provider; (2) non-emergency services provided by an out-of-network provider at an in-network facility; and (3) air ambulance services. The requirements under the Act were effective January 1, 2022.

HHS, the Department of Labor, the Department of Treasury, and the Office of Personnel Management (collectively, Departments) issued two interim final rules (IFRs) on July 13, 2021 and September 30, 2021, respectively, to implement certain provisions of the Act. The first round of rulemaking addressed: (1) the scope of the surprise billing prohibition; (2) the process by which patient cost-sharing and the provider out-of-network rate is calculated; (3) the notice and consent process in cases where patients can waive their balance-billing protections under the Act; and (4) a complaint process for any potential violations. The second IFR addressed (in relevant part): (1) the independent dispute resolution process; (2) the good faith estimate requirements for uninsured/self-pay patients; and (3) the patient-provider dispute resolution process.

Looking to the Future—Implementation, Enforcement, Future Rulemaking, and Legal Challenges. Implementation of the Act requires substantial changes in how providers, facilities, and health plans operate. Internal workflows, technology, and communication processes with patients will need to be revamped to comply with the requirements under the Act. While HHS has deferred enforcement of some of the Act’s requirements including: (1) the requirement for providers/facilities to provide a good faith estimate for insured patients; and (2) the requirement the good faith estimate include expected charges from co-providers and co-facilities, it is not known whether HHS will exercise its enforcement discretion elsewhere. Additionally, several other key provisions of the Act are still subject to future rulemaking, including: (1) implementation of plan and issuer drug price reporting; and (2) implementation of the good faith estimate process and advanced explanation of benefits (EOB) for insured individuals. Only time will tell whether HHS will respond to stakeholder concerns through further rulemaking, sub-regulatory guidance, or additional enforcement delays. On December 9, 2021, the American Hospital Association and the American Medical Association along with two health systems and two physician groups filed a lawsuit challenging a part of the September 30 IFR that establishes a presumption in favor of the median in-network rate during disputes between providers and health insurers. Providers should closely monitor the challenge and its impact on the Departments’ regulations as the litigation moves forward.

Hospital Price Transparency Enforcement Ramps-Up. The federal regulation requiring hospitals to publicly disclose the prices they charge for items and services, including negotiated reimbursement rates with third-party payers, was effective January 1, 2021. The rule survived multiple legal challenges and the change in administrations following the 2020 presidential election. In fact, the Biden administration has only reinforced the federal government’s commitment to ensuring consumers have access to health care pricing information.

As evidence of that commitment, CMS audited hospital compliance with the price transparency rule throughout 2021. Those audits resulted in hundreds of hospitals receiving warning letters for noncompliance, usually with a 90-day period to resolve the cited deficiencies. Although there were no public reports of CMS penalizing a hospital for noncompliance as of this writing, such occurrences appear inevitable given the administration’s commitment to enforcement.

CMS also finalized increases in the financial penalties for noncompliance. The original rule capped the financial penalty at $300 per day per hospital, a relatively insignificant amount that likely contributed to hospital noncompliance. As a result, CMS raised the financial penalties to $10 per day per bed for most hospitals. Hospitals with 30 beds or fewer are still subject to a minimum penalty of $300 per day and hospitals over 550 beds a maximum penalty of $5,500 per day. The change increases the potential penalties for a year of noncompliance for hospitals over 550 beds from $109,500 to a maximum of $2,007,500. The increased penalties apply to noncompliance beginning January 1, 2022.

Good Faith Estimates. Along with the increased enforcement of the hospital price transparency rules, HHS finalized rulemaking implementing a provision in the Act that requires providers to communicate a “good faith estimate” (GFE) of expected charges to uninsured (including self-pay) patients upon their request and at the time of scheduling the health care item or service. That requirement begins January 1, 2022. Future rulemaking will implement a similar requirement for providers to provide payers a GFE of expected charges for insured patients. These new requirements only reaffirm the ongoing commitment from the federal government to price transparency in health care.

2. Provider M&A Faces New Antitrust Headwinds

Lisl Dunlop, Axinn Veltrop & Harkrider LLP

+Listen to Episode 2

The change in administration has brought a more aggressive approach to antitrust enforcement with a sharp focus on the health care industry. In July 2021, President Biden issued a sweeping Executive Order on Promoting Competition in the American Economy reasserting the administration’s policy to vigorously enforce the antitrust laws through a whole-of-government approach.1 The Biden Executive Order pointed out that past health care mergers had led to a situation where the ten largest health care systems now control a quarter of the market, and hospital consolidation has left many geographic areas, especially rural communities, without good options for convenient and affordable health care. The Biden Executive Order exhorted the Federal Trade Commission (FTC) and Department of Justice (DOJ) Antitrust Division to step up their enforcement activities to address these problems. 

While the antitrust agencies have had a successful program of enforcement against health care mergers throughout the Trump administration and earlier Democratic administrations—including bringing several successful court challenges—the Biden Executive Order, as well as recent agency statements and actions, signal a major shift in the way that the agencies (in particular the FTC) will approach provider mergers going into 2022 and beyond. 

Investigations with Broader Scope. FTC Chair Khan’s October 2021 memo to staff on the Commission’s priorities identified the need to use a broader frame of reference to assess the effects of transactions on competition. In contrast to the traditional approach of analyzing provider transactions primarily in terms of their impact on prices paid by commercial insurers, Khan has directed staff to consider a wider range of effects, such as impacts on workers and small businesses and effects on marginalized communities. Providers with deals before the Commission are already seeing a significantly wider range of questions from the FTC around the possible effects of the deal on medical professionals and other staff, including the existence of non-compete agreements and other aspects of competition relating to employment. The socioeconomic impacts of transactions also are likely to become an area of interest; although transactions can lead to increased investment in health care assets in marginalized communities, demonstrating such procompetitive impact can be challenging. 

New Guidelines and Changing Approaches. Consistent with the Biden Executive Order and the FTC’s new “holistic” approach, both antitrust agencies have announced a review of the current horizontal merger guidelines, suggesting that the current version (introduced in 2010) may be “overly permissive.” The FTC has already taken a more dramatic step in repealing vertical merger guidelines that were introduced only last year, with the Democratic Commissioners expressing doubts as to the basis for arguments that vertical integration can have procompetitive effects. It is also likely that the 25-year-old joint agency Statements of Antitrust Enforcement Policy in Health Care—which extend far beyond mergers—also will be reconsidered. The underlying presumption for these developments is that the existing agency guidelines under which health care transactions have been judged in the past have contributed to the current “rampant consolidation and dominance” and need to be changed. Until new guidance issues, however, there will be more uncertainty about how the agencies will approach health care deals. 

More Investigations of Consummated Transactions. The Biden Executive Order encouraged the FTC and DOJ to “challenge prior bad mergers that past Administrations did not previously challenge.”2 In addition, ostensibly due to workload constraints, the FTC has taken the approach of sending merging parties a letter after the expiration of the Hart-Scott-Rodino (HSR) premerger notification waiting period indicating that the investigation is ongoing and that they complete their deal at their own risk. While post-consummation challenges were not unknown before now, they have been relatively rare, particularly when a transaction had been through the HSR review process. Organizations that have previously completed significant transactions should anticipate new and ongoing inquiries from the FTC, which may lead to enforcement action. 

Increased Attention to Non-Hospital Provider Mergers. Early in 2021, the FTC initiated a study of the impacts of non-hospital provider mergers—including combinations of physician groups, hospital acquisitions of physician practices, and mergers of non-hospital outpatient facilities—examining both price effects and non-price factors, such as health care outcomes. While the FTC has in the past investigated and challenged physician group mergers, such as Sanford Health’s acquisition of Mid-Dakota Clinic in 2017, parties are likely to see more investigations of transactions involving providers and potentially more enforcement activity, including challenges to consummated deals, as the results of the FTC’s study become available.

3. Pandemic-Related Enforcement and Oversight

Jody Rudman, Husch Blackwell LLP

+Listen to Episode 3

The COVID-19 pandemic ushered in an unprecedented array of measures to provide relief, assistance, and monetary protections for Americans, businesses, and health care systems and providers, among others. The Coronavirus, Aid, Relief, and Economic Security Act (CARES Act), signed into law on March 27, 2020, served as the initial major relief package. The CARES Act alone made available $2.2 trillion in relief funds through a number of programs.3 These include the Paycheck Protection Program (PPP) and Provider Relief Fund.4

With any funding mechanism of such a substantial size, post-hoc enforcement is inevitable. Indeed, DOJ quickly proclaimed its intention to investigate misconduct associated with CARES Act and COVID-19.5 Hotlines were established for reporting fraud and U.S. Attorneys’ Offices were encouraged to maintain prosecution resources dedicated to COVID-19-related fraud cases.6 While the rollout of the CARES Act and other pandemic relief programs was extremely quick, many investigations, audits, and enforcement activities—particularly with regard to the Provider Relief Fund—will likely take years.

Early enforcement efforts of misused CARES Act funds are already well under way. Less than a year after the pandemic began, DOJ announced scores of criminal fraud cases, at least 11 civil fraud actions to enjoin fraudulent coronavirus-related schemes, and more than 50 PPP cases involving over $225 million in intended loss.7 Loan applicants who lied on their applications about their businesses or who claimed entitlement to funds not borne out by actual fact have already been the target of investigation and prosecution. Similarly, federal prosecutors and investigating agencies have uncovered and pursued the misuse of PPP funds for luxury purchases, the payment of personal debt, stock market investments, and the like.8 These types of enforcement efforts are ongoing and can be expected to continue steadily for some time.

More complex investigations and more complicated fraud schemes or False Claims Act cases will likely follow audits under the CARES Act’s Provider Relief Fund. Recipients of CARES Act funding have found themselves navigating through complex and changing terms and conditions of participation in the program. The first tranche of funding simply arrived in providers’ bank accounts, with an after-the-fact attestation or presumed attestation of entitlement to the funds if they were not returned. Guidance governing entitlement and reporting has shifted over time. Recipients are bound to spend the funds within the boundaries of the program, but that guidance has been similarly uneven. The program itself entails mandatory reporting, self-auditing, audits by HHS, and claw-backs of funds improvidently granted or improperly spent. This is a recipe ripe for years of enforcement efforts.

Enforcement activity may come from any number of sources, some established within the CARES Act itself, and others that already exist in the law. These include the Office of Inspector General for Pandemic Recovery, which exists within the Department of the Treasury and oversees the PPP, among other programs; and the Pandemic Response Accountability Committee, which consists of 20 Inspectors General of various Departments and is tasked with conducting, coordinating, and supporting them in their oversight of CARES Act funds. Enforcement mechanisms also include the existing federal False Claims Act9 and a number of criminal laws that are used to prosecute and punish fraud schemes.

Contemporaneous documentation will be key as the audits and investigations unfold. Keeping guidance documents, even as they shifted, that bore upon decision making will prove a helpful tool for proving good faith. Internal audits, including responsiveness to employee or whistleblower concerns, should help mitigate future problems. Targets of enforcement activities would be wise to have a response plan and to maintain important communications. Such efforts may help minimize the risk of a negative post-hoc audit for providers.

4. Health Care Workforce Employment Law Issues to Watch in 2022

Shalyn Smith McKitt, Balch & Bingham LLP

+Listen to Episode 4

We thought 2020 was unprecedented, but health care employers were faced with new challenges in employment law as the world adapted to COVID-19 in 2021. And 2022 won’t be any different. The introduction of vaccines in 2021 led to workforce dilemmas and the shift to the new “normal” called for regulation of the industry regarding the safety and welfare of health care employees. In 2022, four issues for health care employers to watch are discussed below.

Vaccine Mandates. As 2021 came to a close, the issue of requiring employees to be vaccinated became even more contentious than before. As a result, health care employers will most likely find themselves torn between implementing vaccination policies and foregoing them in 2022. In September 2021, President Biden ordered vaccination mandates for the federal workforce, federal contractors, and private sector businesses with more than 100 employees. The administration also announced that it would require COVID-19 vaccinations for health care workers in hospitals and other facilities and settings that participate in Medicare and Medicaid. This order came shortly after litigation in multiple states where hospital employees refused to follow hospital policy requiring COVID-19 vaccination. Under an interim final rule issued in November 2021, CMS required health care providers to establish policies to ensure all eligible staff get vaccinated by January 4, 2022. However, federal courts in Missouri and Louisiana granted preliminary injunctions blocking the administration from enforcing the vaccination requirement for health care workers nationwide after finding the states challenging the IFR were likely to succeed on their claim that CMS exceeded its statutory authority. The Fifth Circuit later narrowed the scope of the injunction so that the administration is now enjoined from enforcing the mandate in 24 states. As of this writing, the administration had asked the Supreme Court to allow the vaccination mandate for health care workers to go into effect in those states while appeals proceed in the two challenges. In 2022, health care employers will have to monitor how these challenges play out in court or decide to move forward with vaccination requirements on their own.

COVID-19 Exposure Liability. 2021 marked the beginning of lawsuits from family members of health care workers who contracted COVID-19 when at work. Cases in New Jersey and Illinois demonstrate just how unexpected these lawsuits were, and likely will be in the coming year. Essentially, most workforce members are usually prohibited from bringing suit against their employers for contracting a disease at work under workers’ compensation laws. But, when a family member is exposed due to an employer’s negligent management of the disease in the workplace, the employer is exposed to liability. Employers will need to ensure they follow government guidelines and manage the spread of COVID-19 to avoid these lawsuits.

Staffing Shortages. In 2022, the health care workforce shortage will probably continue its spiral, and health care providers will be faced with more challenges than ever before. It is currently estimated that by 2030 there will be a global shortfall of more than 10 million nurses, for example. Research shows that COVID-19 has impacted the health care workforce both physically and mentally. Employees are not only more susceptible to contracting COVID-19, but they are also prone to increased stress and mental health issues. Health care providers have to take time in 2022 to focus on retaining and growing their workforces before it is too late. Organizations like the World Health Organization and the American Hospital Association have published widely on this topic and can be great resources for health care employers.

Whistleblower Cases on the Rise. States are reacting to the rise of whistleblower claims related to COVID-19, and 2022 will likely signal a new era for these claims for health care providers. Generally, under federal law and most state laws, employers cannot retaliate against an employee who reports a practice that threatens public health and safety. However, in 2020 and 2021 these complaints skyrocketed due to employees with concerns regarding the availability of personal protective equipment (PPE), the implementation of facemask policies, or lack of COVID-19-related training. Cases in California, Texas, and Illinois included employees who raised these kinds of concerns and were ultimately terminated. New York has already started to react to this phenomenon by updating its labor laws in 2020, but other states are sure to follow.

5. Beware, Ransomware: Considerations When System Access Exceeds the Value of the (Digital) Assets

Nathan A. Kottkamp, Williams Mullen

+Listen to Episode 5

Ransomware is a current darling of cybercriminals for a broad array of industries, and for good reason: the return on investment from extortion can be extraordinary. The health care industry is particularly vulnerable because the value and importance of having access to data are separate from, and often greater than, the inherent value of the data itself.

As a general matter, cybercrime is pervasive because nearly all important information in today’s world is digital. Recall the famous quote from Willie Sutton on why he robbed banks: “Because that’s where the money is.” Today, the value of so many things is in bits and bytes. And, unfortunately, cybercriminals have learned that breaking into “secure” systems is actually not overly difficult.

Once the criminals compromise a system, the next question is what to do. The most obvious options include (1) stealing and selling data, (2) using the data to establish financial fraud schemes, and (3) holding the entity hostage. Since the first two options often require considerable follow-up work and leave more detailed cyber footprints, the returns on “investment” make them less attractive for many cybercriminals. By contrast, holding an entity hostage with an encryption program is comparatively simple, and the payout (where the attack actually yields a ransom) is nearly immediate. Furthermore, the rise of cryptocurrency has made the receipt of ransom funds substantially easier and swifter than traditional methods of exchanging and/or laundering large amounts of money and/or trying to sell health information on the “dark web.” Finally, with respect to scale, the effort to breach security may not differ all that much based on the entity’s size. As a result, cybercriminals have an incentive to go big.

As frustrating as it may be, at this point in the evolution of our digital lives, the risk of ransomware should not be considered a surprise for any entity. Therefore, all entities should have a response plan, with at least three core components:

  • Preventive: keep educating employees about the fundamental ways in which digital systems become compromised, particularly how the vast majority of compromises involve basic gullibility and human error.
  • Operational: by maintaining a robust system of backups, redundancies, and data segmentation, entities can substantially reduce the impact on their systems.
  • Strategic: to pay or not to pay, that is the question. If the entity anticipates a willingness to pay, it should consider such variables as its payout limit, how it will assemble the funds, and whether anyone in the organization has cryptocurrency experience. If the entity plans not to pay, it should consider its strategies and alternatives to operating without the original data, what kind of messaging it will provide to patients and business partners while its systems are compromised, and its public image management if the ransomware attack blows up in the traditional or social media.

Beyond the above, all entities should have robust cyberinsurance to help mitigate the costs of managing an attack.10

It would be helpful if there were straightforward and consistent guidance on what to do in response to an attack. Unfortunately, recommendations and actual experiences vary. Remarkably, even the Federal Bureau of Investigation (FBI) does not take a strong position; instead, it offers only that “The FBI does not encourage paying a ransom to criminal actors.”11 Furthermore, it is likely (but not entirely clear) that paying a ransom is de facto illegal under certain current laws. There also are various proposed laws floating around state legislatures that would directly and expressly address the legality of such payments. Of course, punishing the victims of an attack may not reduce the number of attacks or the number of payments. Reporting matters to law enforcement is sensible, but it may not help a current victim. Finally, despite the encouraging news that DOJ was able to recover a significant portion of the Colonial Pipeline ransom, it is unlikely that law enforcement would devote similar recoupment efforts to small medical practices or facilities. As a result, health care entities may be left with little practical guidance and few supports in the event of an attack.

In the context above, response strategies have become even more complicated by questionable reliability of the criminals to do as they say. Specifically, there is a significant risk that the criminals will take a victim’s money but then not actually return/release the ransomed data. Another risk is that paying a ransom in the first place may increase the likelihood of being a repeat victim based on the presumption that payment once signals willingness to pay again. For what it is worth, game theory probably has a lot to say about ransomware for both the bad actors and the victims. Specifically, if too many criminals fail to restore encrypted data, then victims will be much less likely to pay. If victims uniformly refuse to pay, then ransomware may be worthless. Of course, with so many actors, the range of responses is all but certain to keep ransomware around for a while.

While the discussion above primarily focuses on money and logistics, it is important not to lose sight of why health care entities (and those with which they contract) are particularly vulnerable: lives depend on data. Significantly, a case that is currently working through the courts expressly poses the question about causation between a ransomware attack and a baby’s death. Specifically, according to the lawsuit, a multi-day ransomware attack on Springhill Medical Center compromised a wide array of the hospital’s systems, including its fetal monitors, which led to the failure to detect complications with one of the hospital’s pregnant patients and which then was a material cause of the baby’s death nine months after birth.12 Regardless of the outcome of this particular case, there will undoubtedly be subsequent lawsuits, presumably with much tighter facts and easier causation arguments.

Finally, as if the above issues with ransomware were not enough for providers, the Office for Civil Rights (OCR) has taken the position that all ransomware incidents must be considered under the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule.13 Significantly, because there are no bright line standards in the Breach Risk Assessment requirements,14 entities may be forced to make the difficult choice of providing expensive and potentially image-damaging notice about an event that actually may not have compromised patient information in the first place or, in the alternative, risk a significant enforcement penalty if the OCR learns about the incident and then disagrees with the entity’s breach risk assessment conclusions.

Unfortunately, the risks of ransomware are not limited to organizations. The stakes are growing at the personal level as “connected” devices and the “internet of things” put more and more health information in internet-accessible form. Imagine a person with a connected pacemaker who receives an email saying: “I’ve hacked your heart, now pay up in bitcoin,” or consider a diabetic individual who gets a text along these lines: “Do you know what your blood sugar is right now? I do. To unlock your monitor, send $100 to [anonymous account].” With these types of situations, game theory, once again, comes into play, where the scope, amount of ransom, and ease of payment may enable criminals to make a fortune from a large-scale attack with relatively small ransoms that are very likely to be paid because the risks of non-payment are potentially fatal. It is for these circumstances, that anyone developing a health care app or a connected device should incorporate robust security features at the absolute outset of the design process (i.e., “security by design”). Similarly, providers, insurers, or others who recommend or reimburse for the use of connected devices should be mindful of the security features built into the systems, lest they find themselves indirectly liable for individual device attacks.

As long as information is digital, it will be vulnerable. And, it is foolish to assume that the cybersecurity industry will actually stay ahead of cybercriminals. Of course, this does not mean ignoring technical features to minimize the risk of a successful attack or structural/operational features to reduce the impact of a successful attack. But reliance on these measures is not enough; workforce education is also essential.

Until cybercriminals move on to a new favorite method of attack, entities should assume that a ransomware attack could happen at any moment. As a result, it is essential to have a logistical plan for either restoring the entity’s relevant data or operating without such data, and it is equally important to have a strategy regarding whether to pay. With any luck, a victim entity will merely have to deal with the significant challenges of implementing its plan rather than the even greater challenge of figuring out its plan and rolling it out at the same time. #forewarnedisforearmed

6. The Health Care Workforce IDEA (Inclusion, Diversity, Equity & Accessibility)

Tiffany Buckley-Norwood, Trinity Health

+Listen to Episode 6

Diversity and inclusion in the health care workplace carries several benefits, such as higher employee morale, better recruitment and retention, more creative problem solving through varied perspectives, and better care for the community.15 The following are three areas to watch.

Defining Diversity. As health care employers continue to create and implement diversity initiatives, it is important to define diversity. That definition may continue to change in 2022, just as it has in the past. Early civil rights laws, such as the Equal Pay Act of 1963, Title VII of the Civil Rights Act of 1964, and the Age Discrimination in Employment Act (1967), in addition to early Presidential Executive Orders, reflect that the conversation about diversity began with overt characteristics, such as race, gender, religion, and national origin. Next the diversity discussion continued to expand to protections for medical condition such as disability, pregnancy, and genetic information. This is seen in the passage of the Pregnancy Discrimination Act (1978), Americans with Disabilities Act of 1990, Family Medical Leave Act (1993), and Genetic Information Nondiscrimination Act (2008). Then, the diversity conversation expanded again to include more discussions around equity, accessibility, and sexual orientation. This is seen in the passage of the Lilly Ledbetter Fair Pay Act (2009), the accessibility and breast milk expression provisions of the Affordable Care Act (2010), and changes to existing laws to include gender identity and sexual orientation as forms of sex discrimination.16 It is also seen in the passage of numerous state laws related to pay equity and paid family and medical leave. The definition of diversity will likely continue to expand into 2022 to involve more lifestyle topics. During the pandemic, employees spent more time with their families and working from home, which has prompted them to reevaluate how work impacts their life.

As the definition of diversity continues to expand, employers will need to be able to clearly articulate what “diversity” means for their organization. A starting foundation should be state and federal civil rights laws to avoid creating unlawful policies. But the culture of a health care workplace should also dictate other specifics of the diversity definition for the organization.

Unconscious Bias and Microaggressions. Just as the definition of diversity has expanded, the definition of inequality has as well. In 2020 and 2021, the terms “unconscious bias” and “microaggressions” became more prominent in the national dialogue around diversity and inclusion. Specific to the health care industry, there was a focus on health care inequalities (particularly related to the pandemic), potential causes for those inequalities, and laws that could be enacted to remediate those causes. For example, on June 1, 2021, Michigan’s Department of Licensing and Regulatory Affairs (LARA) adopted new administrative rules mandating implicit bias training as part of the knowledge and skills necessary for obtaining and maintaining a health care license in Michigan.17 More states may make unconscious bias training mandatory for health care workers. Additionally, more health care employers may voluntarily decide to include an unconscious bias segment in their training. In doing so, however, it is important to be aware of any laws or regulations that dictate or restrict the content of that training. For example, now-revoked federal Executive Order 13950 prohibited federal contractors from using certain types of diversity and unconscious bias training.

Use of Statistics in Diversity Initiatives. Under the federal Executive Order 11246, the Rehabilitation Act, and Vietnam Era Veterans Act, many health care employers who are federal contractors are already required to utilize statistics to create diversity goals as part of a formal affirmative action plan. But other employers are starting to see the benefit of using statistics to be more efficient in creating and tracking their strategic diversity initiatives. While such statistics can be a benefit, there are certain pitfalls that should be avoided. For example, public pronouncements that involve statistics should be carefully worded to minimize claims of intentional discrimination or disparate impact discrimination, in violation of state and federal civil rights laws. Likewise, while it is permissible to create goals based on diversity analytics, creating quotas may lead to claims of discrimination. Thus, it is important to have an employment attorney familiar with the pitfalls of such statistical analysis review any strategic plan based on diversity analytics for appropriate wording.

In conclusion, the conversation around what constitutes diversity and how to achieve it will continue to evolve in 2022. It is important to remain up to date on the laws regulating this area to avoid pitfalls.

7. Securing the Supply Chain for Health Care Providers

Michael Herald, Guardian Healthcare, and Sarah Swank, Nixon Peabody LLP

+Listen to Episode 7

In the early days of the pandemic, many health care providers, their workers, and patients experienced first-hand the impact of supply chain disruption. Supplies such as masks, gloves, and gowns used to keep workers safe were in limited supply. In some parts of the country, supply chain issues left surging hospitals without enough PPE or ventilators to care for those infected with COVID-19.

Today, challenges with the supply chain persist. While the global marketplace has slowly reopened and manufacturing has resumed, we are still competing for scarce resources with other countries. The United States also has experienced an inability to manage the uptick in imports at major shipping ports due largely to a lack of drivers for the trucks that play an important role in carrying goods out of ports for delivery. Critical medical supplies and equipment remain in short supply, potentially jeopardizing patient care or worker safety.

FDA Guidance and Waivers. During the initial weeks of the pandemic, the Food and Drug Administration (FDA) in conjunction with the Centers for Disease Control and Prevention (CDC) provided guidance regarding alternatives to PPE such as cloth masks and actions to take when medical supplies were low. In October 2021, the FDA published a notice announcing the process for making COVID-19 guidance available to the public, including periodic publication of consolidated notices describing all COVID-19-related guidance issued during a relevant period.18 The FDA said the new process will help the agency to more rapidly disseminate and implement recommendations and policies related to COVID-19. Earlier in the year, the FDA published updated information on exercising enforcement discretion for importing certain medical devices during the pandemic. Providers should look to prior guidance on single use and infection control processes with concerns of medical supply shortages.

OSHA Enforcement. Procuring PPE like N95 respirators has always been important for health care providers. The Occupational Safety and Health Administration’s (OSHA’s) respiratory protection program standard requires employers to provide appropriate protection for employees from a known hazard, like COVID-19, in the workplace.19 OSHA and many state agencies are updating guidance for employers as the pandemic continues. Providers must ensure they secure adequate supplies of PPE for health care workers to avoid fines and penalties from OSHA or state agencies.

Defense Production Act. During the initial phase of the pandemic, it quickly became apparent that the national stockpile did not contain sufficient supplies to support the increased demand across the country as individual health care providers experienced shortfalls in their own inventory. Eventually, the Federal Emergency Management Agency (FEMA) and HHS moved to increase supply and domestic production of medical supplies and equipment under the Defense Production Act. FEMA and Customs and Border Protection also continue to work to prevent domestic brokers, distributors, and others from diverting critical medical resources overseas.

Role of States. Individual health care providers and states were also competing for the same limited resources. State governors prepared executive orders to address supply shortages especially in surge areas. For example, in New York, a ventilator shortage during the initial surges of the pandemic prompted the governor to issue an executive order allowing supplies, equipment, and staff to be redistributed across the state to hard hit areas, as well as acknowledging that ventilators intended for one patient were now being used for two patients.

Supply Chain Fraud. The supply shortage also opened the door to fraudulent activity. On April 2, 2020, DOJ released an alert regarding enforcement by the FBI and DOJ against those hoarding scarce medical supplies like PPE and hand sanitizer and then selling them at excessive prices.20 Other health care providers experienced fraud when they ordered and paid for critical supplies that never arrived. The FBI issued releases to look out for suspicious activity related to fraudulent sales, including warning signs such as unusual payment terms, last-minute excuses for delays in shipment, and last-minute changes in payment terms.

Crisis Standard of Care. COVID-19 pandemic surges have impacted health care system capacity including space, staff, and supplies. A crisis standard of care describes the plan for managing patient services and allocating scarce resources. A crisis standard is defined as a substantial change in usual health care operations and the level of care it is possible to deliver during a pervasive or catastrophic disaster. Reviewing and planning for a crisis standard of care prior to a surge helps ensure health care providers have critical guidance in place before facing a need to ration or allocate scarce resources.

It Is Not Over. As the pandemic continues, the idea of a well-managed supply chain is being redefined. Supply chain models used to reward those who kept a limited supply of what they needed on hand with close review of expiration dates to eliminate waste. As we look to 2022 and beyond, the global pandemic may have a lasting impact on how the medical supply chain affects the delivery of health care.

8. Behavioral Health Transactions Outlook for 2022

Purvi Maniar, Norton Rose Fulbright US LLP

+Listen to Episode 8

A Pandemic Within a Pandemic. Already one of the most active sectors in health care mergers and acquisitions for a number of years, behavioral health was propelled to the forefront by the challenge to our collective mental health and wellbeing posed by COVID-19. During the pandemic, about four in ten adults nationwide have reported symptoms of anxiety or depressive disorder—a four-fold increase from pre-pandemic levels.21 While rates of childhood mental health concerns and suicide have been rising steadily since 2010, the pandemic also intensified this crisis. Following dramatic increases across the country in emergency department visits for pediatric mental health emergencies, including suicide attempts, the American Academy of Pediatrics, the American Academy of Child and Adolescent Psychiatry, and the Children’s Hospital Association recently jointly declared a National State of Emergency in Children’s Mental Health, issuing a call to action to policy makers.22

Increased Market Activity. The increase in demand led to several significant behavioral health transactions in 2021. For example, Lyra Health, which provides comprehensive mental health services through employee assistance programs, raised $200 million in its latest funding round (bringing its valuation to over $2 billion) in order to accelerate delivery of mental health benefits for companies with employees around the world.23 In June 2021, global investment giant, KKR announced the launch of Geode Health, which intends to build a new platform to offer in-person and virtual outpatient mental health across the United States. Overall, by the second quarter of 2021, there were already 119 behavioral health transactions, on track to more than double the 179 transactions completed in all of 2020.

Regulatory Advances. On the regulatory side, the federal Consolidated Appropriations Act, 2021 (CAA) amended the federal Mental Health Parity and Addiction Equity Act, including new reporting and oversight requirements focused on strengthening mental health parity requirements applicable to group health plans. The CAA as well as the American Rescue Plan Act of 2021 continued and expanded telehealth funding and reimbursement due to the COVID-19 public health emergency.24 These funding and reimbursement expansions, as well as regulatory flexibility implemented in 2020 related to physician state licensure, prescribing controlled substances, and HIPAA compliance related to the provision of telehealth (including telebehavioral health) services, are limited to the duration of the public health emergency at the time of this writing. However, they have helped prove the effectiveness of health care services via telemedicine, particularly in behavioral health. Given the national shortage in behavioral health providers, as well as the fact that, because a physical exam is usually not required, behavioral health services can generally be provided remotely much more often than general telemedicine services, key stakeholder groups are pushing to make these changes permanent. In light of the growing pediatric mental health crisis, several bills have been introduced in Congress that are intended to improve students’ access to mental health services and provide funding for suicide awareness and prevention.25 The outlook for additional helpful legislative changes is bright given the broad bipartisan support for improving behavioral health in the country.

Current Market and Consolidation. Despite the increase in behavioral health transactions, the behavioral health market remains highly fragmented. Aside from a handful of established players, most behavioral health providers are small or solo practices or operators of one to two facilities. The behavioral health market is now more ripe for consolidation than ever before driven by the wider awareness and increased prevalence of mental health and substance use disorders during the pandemic, awareness of the significant improvement in outcomes and overall cost savings that can be achieved through better integration of behavioral health care with physical health care in primary care, inpatient settings and emergency room visits, increasing progress towards overall parity of reimbursement for behavioral health services, and the relaxation of regulations related to telebehavioral health.

Consolidation of health practices and facilities by private equity and traditional health care players (such as large nonprofit behavioral health providers and hospitals and health systems) will permit consistent implementation of best practices and professional management across this sector. This consolidation will also accelerate the movement towards better integration of behavioral health with traditional health care, including collaborations and joint ventures between behavioral health providers and hospitals and health systems. Further, the increased market power brought about through the consolidation, combined with increasing awareness and demand will likely lead to higher reimbursement rates. Although the behavioral health provider shortage will remain a challenge in the near term, these market forces will attract more talent to the profession in the longer term to help bridge the gap.

Heightened Scrutiny. While generally good news, the expansion of reimbursement will like bring greater regulatory scrutiny and enforcement. Smaller behavioral health facilities and providers, many of which were largely dependent on self-pay, often flew below the radar, but large, private equity-backed players and other deep-pocketed consolidators that receive significant governmental and commercial reimbursement will become attractive targets for federal enforcement of the False Claims Act (FCA). Since 2013, at least 25 private equity-backed health care companies have paid settlements in excess of $570 million for allegedly violations of the FCA. Behavioral health companies may be at greater risk for enforcement (compared to other health care services companies) given the availability of legislative tools specific to behavioral health, such as EKRA, the Eliminating Kickbacks in Recovery Act of 2018. However, larger players in behavioral health, which have both the resources and incentives to invest in appropriate pre-acquisition diligence and maintain sound compliance programs and practices post-acquisition, have the opportunity to raise the bar for quality across the behavioral health industry as a whole.

Silver Linings. These recent market and regulatory advances in behavioral health represent significant overall progress towards closing the gap in an area of health care that has been historically misunderstood and neglected. Improving behavioral health through greater access and closer integration with physical health care represents a significant opportunity to improve health care outcomes, patient satisfaction and achieving efficiencies that will improve the bottom line. Much like the overall acceleration in telemedicine trends that resulted from the pandemic, the progress we have recently seen in behavioral health, including increased access to telebehavioral health and early attention to pediatric mental health, and will continue to see in 2022 and beyond represent some of the silver linings of a tumultuous period for health care in the United States.

9. Towards A Common Definition for Value-Based Arrangements

Tiana Korley, University of Michigan Office of the General Counsel

+Listen to Episode 9

A survey of the general public revealed that among the small number of respondents who had heard of the phrase “value-based care,” there were widespread differences in their understanding of the phrase’s meaning.26 Many health care industry stakeholders likely find this result unsurprising. Providers traditionally have used the phrase in so many ways that it has lost some meaning.

At the end of 2020, the HHS Office of Inspector General (OIG) and CMS released companion final rules that provided a construct of “value-based care” by which we can understand what regulators and enforcement agencies believe this phrase means. With the creation of new safe harbors under the Anti-Kickback Statute (AKS) and new exceptions under the Stark Law designed to facilitate value-based arrangements, CMS and OIG have established a common paradigm under which providers and regulators can operate.27

Health care industry stakeholders have entirely new terminology, such as “value-based enterprises,” “target patient populations,” and “patient engagement tools and supports.” It is fair to say that with the deregulatory companion rules came numerous regulatory terms for industry stakeholders to understand and apply.

There has been some criticism from the provider community that the new regulatory flexibility did not go far enough. Some providers were unhappy that the safe harbor for care coordination arrangements includes a contribution requirement. Others wanted higher thresholds for the patient engagement tools and supports safe harbor to allow for even more expansive efforts to address social determinants of health. Furthermore, OIG declined to establish safe harbors in some areas, such as for broad waivers of cost-sharing obligations. Providers will have to continue to rely upon the advisory opinion process.

Though the final rules did not provide exhaustive relief, the latitude that providers now have to compensate physicians differently under the Stark Law, and to partner with physicians and other health care organizations under new AKS safe harbors is unprecedented. Many health care leaders have been asking for flexibility to partner in new ways around caring for patients. Such innovation can result in lower health care costs for all involved—federal health care programs (and thus taxpayers) as well as beneficiaries.

Organizations that make strategic use of this flexibility may be able to move more expeditiously out of fee-for-service and into risk-based models of care. CMS recently announced that it hopes to drive accountable care in a more meaningful way such that all Medicare beneficiaries with Parts A and B will be in a care relationship with accountability for quality and total cost of care by 2030.28 This has heightened the urgency for providers to move towards more efficient, cost-effective models of health care delivery.

Innovative leaders will leverage this regulatory flexibility to care for patients in new ways. Hospitals can now partner with each other to take care of patients with a particular medical diagnosis and more easily provide in-kind exchanges of remuneration, such as staff. As participants in value-based enterprises, hospitals can assure patients can access remote patient monitoring tools and other modalities to improve their health in alternate care settings. Hospitals can compensate physicians involved in such care coordination arrangements in a more flexible manner. This is a big win for hospitals attempting to partner with physicians—and each other—in innovative ways.

Looking to the Future. In 2022, we may see further clarity regarding how OIG and CMS interpret the new regulations. The ambiguity and newness of value-based arrangements will eventually be a target for whistleblowers. It will be interesting to see whether good faith participation in value-based enterprises negates bad intent in causes of action involving the AKS. We also may see the first advisory opinions that provide additional insight as to how OIG applies the regulations to specific arrangements.

The Medicare Trust Fund faces insolvency in 2026.29 With recent pronouncements from CMS as to the agency’s vision for federal health care programs, the question is whether in 2022 and beyond, hospitals and other health care providers successfully leverage new flexibilities to take better care of patients at a lower cost and improve health care quality for the communities that they serve.

10. COVID Is a Catalyst for APP Expansion

Robin Locke Nagele, Post & Schell PC

+Listen to Episode 10

In the coming year, we expect that Advance Practice Professionals (APPs) will continue to see significant opportunity for expansion as to their scope of their services and their level of independence in the clinical and the business end of providing services. COVID has taught that “the assumption that a task is automatically safer when it is performed by the highest trained practitioners” is faulty and “actually risks a more hazardous care environment” by placing onerous responsibility on the physician, instead of using skilled non-physicians to relieve some of that burden.30 During COVID, APPs, facilitated by the COVID waivers, have demonstrated their value in ensuring access and continuity of care.31 However, they also face considerable uncertainty about their status as the waivers expire.

Historical Barriers to Practice Autonomy. APPs, including Physician Assistants (PAs), Certified Registered Nurse Practitioners (CRNPs), Certified Nurse Midwives (CNMs), and Certified Nurse Specialists (CNSs), have long advocated for greater autonomy in the provision of health care services. Strides have been made in many states, but restrictions remain. As of the beginning of the pandemic, only 22 states provided “Full Practice Authority” to NPs—allowing them to diagnose and treat patients and prescribe medications without a supervising or collaborating physician.32 Beyond the licensure restrictions, APPs are challenged by restrictive insurance and reimbursement policies, CMS regulations, and institutional and organizational policies related to credentialing as providers. The cost of mandated collaborative or supervisory services is unregulated and can be cost-prohibitive.33

Impact of COVID. During COVID, the federal emergency declaration and state waivers of licensure, practice, and telehealth restrictions radically shifted the practice landscape for APPs. APPs have been able to practice across state lines, beyond their usual scope of practice limitations, and via telehealth.34 The impacts on APP practices included an increased ability to practice independently and without delays resulting from the need for physician chart review, approval of orders, and the ability to follow patients through home health and direct care. And the dramatic increase in the use of telehealth has enabled APPs to treat patients in wide variety of practice settings.35 The pandemic response has provided evidence that some of the restrictive rules surrounding APP practice are unnecessary and can even impede the delivery of quality health care.36

At the federal level, CMS has begun to relax some of the more onerous requirements for APPs. Effective January 1, 2020, CMS removed its own supervision requirements for PAs, and instead now simply requires that they meet applicable state law licensure and scope of practice requirements.37 Effective January 1, 2021, CMS now allows a wide range of APPs—PAs, NPs, CNSs, CNMs, and CRNAs—to review and verify (sign/date) documentation in the medical record without have to re-document notes already in the record, for purposes of Part B Billing.38

The Post-Pandemic Future. Notwithstanding these important gains, APPs face an uncertain future in the immediate term. Many states have completely lifted their emergency waiver provisions, suddenly returning APPs to the licensure and scope of practice restrictions that existed pre-COVID.39 Some forward-looking states—including Colorado, New Hampshire, and Virginia—have replaced the emergency waivers with permanent legislative practice expansions—particularly in the area of telehealth.40 For example, New Hampshire passed permanent telehealth legislation that, among other things, expanded the list of providers able to provide telehealth to include PAs and APRNs, among others.41

APPs still face significant barriers to achieving the level of independent practice that they seek. State-specific barriers to owning their own practices, to practicing without supervision or collaboration, to performing services that are within their training but not permitted scope of practice continue to exist and will require legislative initiatives to effectuate change. But there are signs that APPs are increasingly being recognized and deployed in appropriate settings as good quality, cost-effective alternatives to physicians.42 And many in the industry hope that the data and knowledge generated during the pandemic regarding the valuable skillsets that APPs can offer in a wide range of practice settings will provide powerful arguments for continuing their march towards greater independence and self-determination.

Lisa Lucido is an attorney with Hall Render where she concentrates her practice in the areas of regulatory compliance, reimbursement, billing, and payment practices. Lisa provides counsel to a wide variety of health care entities in developing strategies and policies to ensure compliance with the Medicare and Medicaid programs, including the evaluation of provider-based issues, conditions of payment, disclosure, and compliance matters. Additionally, Lisa advises providers in the negotiation and administration of managed care contracts and works closely with clients to address regulatory and compliance issues related to participation in Medicare Advantage.

Ben Fee is an attorney with Hall Render where he practices exclusively in the area of health law advising health systems and hospitals on a variety of regulatory, compliance, and corporate transactional matters. He regularly advises clients on reimbursement and financial strategies; government reimbursement and payment matters; corporate structure and reorganization; the 340B drug discount program; and corporate compliance issues.

Lisl Dunlop is a Partner at Axinn Veltrop & Harkrider LLP. Lisl has more than 25 years of experience guiding leading U.S. and multinational companies through the antitrust-related aspects of mergers and acquisitions, joint ventures, and other combinations. For her health care clients, Lisl provides antitrust and strategic advice in evaluating value-based payment initiatives, the establishment and operation of ACOs and independent physician networks, financial and clinical integration issues, and other transactions and collaborations.

Jody L. Rudman is a Partner at Husch Blackwell LLP in the Austin, TX office. Jody is a litigator with well over two decades’ experience in jury trials, bench trials, contested hearings and oral arguments in federal and state courtrooms. Jody focuses primarily on government investigations, both civil and criminal, in the health care space. A former Assistant United States Attorney for the Northern District of Texas, she handles all aspects of government investigations, trials, sentencings, and appeals.  Her work is largely white collar criminal and False Claims Act matters, representing clients during investigations, negotiations, and litigation. She is a frequent speaker and published author in health care matters, antitrust matters, and litigation issues.

Shalyn Smith McKitt is a Litigation Associate at Balch & Bingham LLP in the Birmingham, Alabama office. She earned her BA from Stillman College and her JD and MA in Health Studies from the University of Alabama. Shalyn started her practice as a litigator in the Ohio Attorney General’s Office Health and Human Services section where she represented the Department of Developmental Disabilities, the Department of Mental Health and Addiction Services, the Department of Medicaid, and the Chemical Dependency Professionals Board. She then joined the Dallas office for the U.S. Department of Health and Human Services Office of the General Counsel as Assistant Regional Counsel. There she primarily represented CMS and OCR in matters relating to Medicare and Medicaid billing and overpayments, facility compliance, HIPAA, and Civil Rights. Shalyn then served as Senior Legal Counsel at SS&C Health, a Healthcare Technology company. There she drafted and negotiated multi-million dollar contracts for health and pharmacy solutions and was essential in analyzing company HIPAA compliance. She then came to Balch where she works on a variety of litigation matters including those related to health care providers and suppliers, health systems, and HIPAA compliance.

Nathan A. Kottkamp is a Partner in the Healthcare Department of Williams Mullen, in Richmond, Virginia. Nathan’s practice focuses on a broad array of operational and regulatory issues, including HIPAA, licensure/accreditation/professional board matters, and ethics. Nathan is also the Founder of National Healthcare Decisions Day (, in which AHLA has been a participant since its inception in 2008.

Tiffany Buckley-Norwood is the Vice Chair of Publishing for AHLA’s Labor and Employment Practice Group. As of November 1, 2021, she is also an Associate Counsel, Employment for Trinity Health. Prior to that, she was the Healthcare Industry Group Co-Lead and a Principal at Jackson Lewis PC. Any statements in this article are Tiffany’s opinion and do not necessarily represent the views of Trinity Health.

Michael Herald is the Chief Administrative Officer & General Counsel at Guardian Healthcare. He is responsible for managing the legal affairs and leading the human resources, IT, shared services, and loss prevention teams for the post-acute care enterprise. In addition, Michael serves as an adjunct faculty member for Penn State University’s Nursing Home Administrator training program, a member of the Board of Visitors for the Health Care Administration and Management Program at Slippery Rock University, and is a member of the Board of Directors at Global Links. 

Sarah Swank is a health care attorney in Nixon Peabody LLP’s Washington, DC office, with more than 20 years of experience as senior in-house counsel for two of the largest national health care systems and as a thought leader and advisor in two nationally recognized, top-rated law firms. Sarah supports clients navigating a complex and changing regulatory landscape to promote innovation and thoughtful growth by providing strategic and practical advice on CMMI programs, ACOs, telehealth, AI, health equity, and clinical research and where they intersection with operations, compliance, the Stark Law, Anti-Kickback Statute, HIPAA, OCR civil rights, and other health care regulatory issues. She is a nationally recognized speaker and author, a Vice Chair on the Publications Board of ABA Health Section and the Vice Chair of Education for AHLA’s In-House Counsel Practice Group.

Purvi Maniar is a member of Norton Rose Fulbright’s health care transactions team and is a partner based in the firm’s St. Louis and New York offices. She is a health care business lawyer who focuses on bringing together hospitals, health systems, medical group practices, behavioral health organizations, private equity clients, and emerging health care companies in mergers, acquisitions, joint ventures, and other strategic business arrangements. Purvi focuses on both domestic and international health care transactions and helped lead the expansion of the global law firm’s high caliber domestic health system practice to include international health care transactions. Purvi is passionate about improving access to and quality of behavioral health. She represents private equity companies and prominent nonprofit behavioral health providers in connection with their mergers, acquisitions, strategic partnerships, and clinically integrated networks. She also advises hospitals in connection with restructuring their inpatient behavioral health programs, as well as tele-behavioral health providers and other clients focused on the behavioral health space. She is the Chair of AHLA’s Behavioral Health Practice Group.

Tiana Korley is an Associate General Counsel for the University of Michigan Office of the Vice President and General Counsel.  In this role, she provides advice on regulatory compliance matters, including interpretation and guidance related to the fraud and abuse laws. Tiana also provides guidance on delivery system reform efforts, including alternative payment models. Prior to joining the University of Michigan, Tiana worked in several other capacities in the health care arena, including as a health care consultant, congressional staffer, and as a senior staffer for the Centers for Medicare and Medicaid Services.

Robin Locke Nagele is Co-Chair of the Health Care Practice Group of Post & Schell in Philadelphia. She has a national health care litigation and consulting practice in which she counsels and represents hospitals, health systems, and other health care provider entities in complex medical staff matters, including peer review proceedings, summary suspensions, corrective action, fair hearing processes, and associated litigation.  She also counsels and represents federally listed Patient Safety Organizations (PSOs) and Participating Providers with regard to legal compliance and privilege protection under the federal Patient Safety Quality Improvement Act, and litigates PSQIA privilege disputes. She is a former Chair of AHLA’s Medical Staff, Credentialing, and Peer Review Practice Group, and has written and spoken extensively on medical staff issues. 

2 Id.

3 The Consolidated Appropriations Act, 2021, provided yet further economic support, As of February 2021, an estimated $4 trillion in relief funds were made available. This was followed by the American Rescue Plan under the Biden administration. See e.g.,;

6 U.S. Dep’t of Justice, Press Release, Attorney General William P. Barr Urges American Public to Report COVID-19 Fraud (Mar. 20, 2020)

7 U.S. Dep’t of Justice, Press Release, Department of Justice is Combatting COVID-19 Fraud but Reminds the Public to Remain Vigilant (Oct. 15, 2020),

8 E.g., U.S. Dep’t of Justice, Press Release, Reality TV Star Indicted on Federal Charges (June 24, 2020),; U.S. Dep’t of Justice, Press Release, New Jersey Attorney Charged with Fraudulently Obtaining $9 Million in Loans Meant to Help Small Businesses During COVID-19 Pandemic (Sept. 3, 2020),; U.S. Dep’t of Justice, Press Release, NFL Player Charged for Role in $24 Million COVID-Relief Fraud Scheme (Sept. 10, 2020),

9 31 U.S.C. §§ 3729, et seq.

10 The public policy issues associated with obtaining insurance coverage for ransom payments could be the subject of an entire article on their own.

11 Ransomware. What It Is & What to Do About It, Joint statement of eight federal agencies,

12 See Mike Miliard, Hospital ransomware attack led to infant’s death, lawsuit alleges, Healthcare IT News, Oct. 1, 2021,

13 U.S. Dep’t of Health and Human Servs. Office for Civil Rights, FACT SHEET: Ransomware and HIPAA, July 11, 2016,

14 See 45 C.F.R. § 164.402.

15 See Alyssa Jordan, The Importance of Diversity in Healthcare & How to Promote It, Provo College (Jun. 17, 2020),

16 See Bostock v. Clayton County, 590 U.S. __ (2020) (holding discrimination based on sexual orientation or gender identity is discrimination “because of sex” as prohibited by Title VII).

17 Mich. Pub. Health Code R 338.7001 - 338.7005; see also Governor Gretchen Whitmer and LARA Announce Adopted Training Requirement to Improve Equity Across Michigan’s Health Care System (Jun 1, 2021),,9309,7-387-90499_90640-561034--,00.html.

19 29 C.F.R. § 1910.134.

20 Dep’t of Justice, Press Release, Department of Justice and Department of Health and Human Services Partner to Distribute More Than Half a Million Medical Supplies Confiscated from Price Gougers (Apr. 2, 2020),

21 Kaiser Family Found., How the COVID-19 Pandemic is Affecting People’s Mental Health and Substance Use (Feb. 10, 2021),

22 AP-AACAP-CHA Declaration of a National Emergency in Child and Adolescent Mental Health, (last visited Nov. 9, 2021).

23 Lyra, Press Release, Lyra Health Completes $200M Funding Round to Transform Mental Health Care Globally (June 14, 2021),

24, Consolidated Appropriations and American Rescue Plan Acts of 2021 telehealth updates, (last visited Nov. 4, 2021).

25 Senator John Kennedy, Press Release, Kennedy introduces legislation to improve student access to mental health services (Apr. 27, 2001),

27 85 Fed. Reg. 77684 (Dec. 2, 2020); 85 Fed. Reg. 77492 (Dec. 2, 2020).

28 Ctrs. for Medicare and Medicaid Servs., Innovation Center Strategy Refresh (Oct. 2021),

29 The Boards of Trustees, Federal Hospital Insurance and Federal Supplementary Medical Insurance Trust Funds, 2021 Annual Report of the Boards of Trustees of the Federal Hospital Insurance and Federal Supplementary Medical Insurance Trust Funds,

30 Sinsky and Linzer, Practice and Policy Reset Post-COVID-19: Reversion, Transition, or Transformation?, 39 Health Affairs 1409 (Aug. 2020).

31 Kleinpell, Myers, Schorn, and Likes, Impact of COVID-19 Pandemic on APRN Practice: Results from a National Survey, 69 Nurs. Outlook 783-782 (Sep.-Oct. 2021).

32 Stucky, Brown, and Stucky, COVID 19: An Unprecedented Opportunity for Nurse Practitioners to Reform Healthcare and Advocate for Permanent Practice Authority, Nurs. Forum (Oct. 12, 2020), citing American Association of Nurse Practitioners, Issues at a Glance: Full Practice Authority,

33 Kleinpell et al., supra note 31, and authorities cited therein.

34 See Fed. of State Med. Bds. (FSMB), United States and Territories Modifying Requirements for Telehealth in Response to COVID-19 (last updated Oct. 20, 2021).

35 Kleinpell et al, supra note 31.

36 Id.

37 CMS Pub. 100-02 Medicare Benefit Policy, Transmittal 10639 (Mar. 12, 2021).

38 Id.

39 FSMB supra note 34.

40 Id.

41 Id.

42 Meliha Skaljic, BA, Jules B. Lipoff, M.D., Association of Private Equity Ownership with Increased Employment of Advanced Practice Professionals in Outpatient Dermatology Offices, J. Am. Academy of Dermatology (May 12, 2020),;

Top Ten Issues in Health Law 2022 Podcast Series

Based on this year's article, a special 10-part podcast series has been created, bringing together thought leaders from across the health law field to discuss the top ten issues of 2022.

Watch and Listen to the Series