New ADT Guidance from CMS, and Other Federal Updates

For more information about this blog post, please contact Khaled J. KleleRyan M. MageeLabinot Alexander Berlajolli, or Brianna J. Santolli

CMS Issues New Guidance on ADT Notifications

Centers for Medicare & Medicaid Services (“CMS”) recently released guidance for hospitals outlining the new requirements for admission, discharge, and transfer (“ADT”) electronic patient event notifications. These requirements originally stemmed from the Interoperability and Patient Access Final Rule published on May 1, 2020, and require health care providers to send electronic patient event notifications of a patient’s admission, discharge, and/or transfer to another healthcare facility or to another community provider or practitioner. These requirements are intended to improve care coordination by allowing a receiving provider, facility, or practitioner to reach out to the patient and deliver appropriate follow-up care in a timely manner.

The new guidance can be found here.

CMS Increases Medicare Payments for COVID-19 Treatment

As part of the ongoing response to address the COVID‑19 pandemic, CMS has increased the Medicare payment rate for administering monoclonal antibodies to treat beneficiaries with COVID‑19.  Beneficiaries will pay nothing out of pocket, regardless of where the service is furnished – including in a physician’s office, healthcare facility, or at home.

Effective May 6, 2021, the national average payment rate will increase from $310 to $450 for most health care settings. In support of providers’ efforts to prevent the spread of COVID‑19, CMS will also establish a higher national payment rate of $750 when monoclonal antibodies are administered in the beneficiary’s home, including the beneficiary’s permanent residence or temporary lodging (e.g., hotel/motel, cruise ship, hostel, or homeless shelter).

HHS Retracts Mobile Health Apps Notice

A notice first published by the Department of Health and Human Services (“HHS”) on January 15, 2021, proposing to exempt certain mobile health devices from agency regulation, has since been retracted by HHS following pushback from FDA. FDA has argued that HHS failed to consult with, involve, or even notify FDA before issuing the notice this past January. Upon further review, HHS and the FDA determined the notice was published without scientific support, contained errors and ambiguities, and was overall flawed. The notice has since been retracted in full. 

President Biden Signs Cybersecurity Executive Order

President Biden recently issued an executive order aimed at improving cybersecurity of the federal government and developing a concrete cyber incident response plan, with assistance from the private sector. The 18-page executive order does not set forth specific requirements, but rather sets deadlines for named agencies to develop requirements, standards, or guidelines on specific cybersecurity areas. The administration had been planning the order to address a cyberespionage campaign stemming from an attack on software provider Solarwinds Corp. that compromised networks of at least nine federal agencies, including the U.S. Department of Homeland Security. But cybersecurity vulnerabilities at U.S. critical infrastructure systems were underscored again when a ransomware attack caused a temporary shutdown at Colonial Pipeline Co., which ferries nearly half of the East Coast's supply of diesel, gasoline, and jet fuel from Texas to northern New Jersey.

The executive order will require technology providers that do business with the government to tell authorities about data breaches that could pose a danger to federal networks.  Biden also announced the formation of a Cybersecurity Safety Review Board that will analyze how major breaches unfold, similar to the way that the National Transportation Safety Board issues reports after airplane crashes. Further, a government contractor that provides software or services would be required to report cyber incidents to the relevant federal agencies based upon a sliding scale of risk assessment, with the highest risk requiring notice within 3 days of discovery. The order includes several other topics, including modernizing federal government cybersecurity, standardizing the federal government’s playbook for responding to cybersecurity vulnerabilities and incidents, improving detection of cybersecurity vulnerabilities and incidents on federal government networks, and improving the federal government’s investigative and remediation capabilities. The agencies charged with rulemaking will have to act quickly to meet near‑term deadlines and flesh out the specific requirements and details to achieve the policy directives.