Category: Blog

Group Health Plans and the HIPAA Privacy Rule

            Under the administrative simplification provision of the Health Insurance Portability and Accountability Act (HIPAA), there are pertinent regulations that lead to compliance obligations for employer-sponsored group health plans. In accordance with 45 CFR § 160.103, the HIPAA Privacy Rule can only be applied to the groups that are listed and deemed to be covered entities. For purposes of the Privacy Rule, covered entity means any health plan, health care clearinghouses, and health care providers who transmit health information in electronic form in connection with a transaction.  Within the list of covered entities, health plans are defined as an individual or group plan that provides, or pays for the cost of medical care.  Further, a group health plan means an employee welfare benefit plan, including fully insured and self-insured plans, to the extent that the plan provides medical care.This provision includes items and services paid for as medical care to employees or their dependents directly or through insurance, reimbursement. The HIPAA Privacy Rule will also apply to a plan that has 50 or more participants, or is administered by an entity other than the employer that established and maintains the plan. Thus, the group health plan is deemed to be an entity that is entirely separate from the employer and plan sponsors that provide the requisite care or insurance to the employees. 

            While the usage of group health plans is clearly significant within the context of the HIPAA Privacy Rule, it is certainly helpful to distinguish between the types of plans that are frequented by employers. A fully insured health plan is commonly considered to be the traditional method of insuring employees that work within their companies. Within this framework, employers pay a fixed premium to a large insurance provider (Aetna, Kaiser Permanente, United Health) for their employees, and the provider covers the cost of the employee’s medical expenses. While fully insured plans are typically more expensive for the employer, the premium rates are annually fixed based on number of enrolled employees. The insurance provider will handle claims in accordance with the plan outline that is selected by the employer, and employees are responsible for reaching a deductible or copays depending on the types of medical services the plan covers. On the contrary, self-insured health plans are more flexible than fully insured plans because it enables the employer to select a plan that best meets the individualized medical needs of their employees. More specifically, this plan cuts out the preset framework from insurance providers, and employers are responsible for determining the costs of their own plan. Commonly, employers will use a form of stop-loss insurance in order to mitigate the cost if one of their employees is well beyond the coverage window.  While there are benefits and downsides to both types of health plans, the HIPAA Privacy Rule will apply to both in a variety of different circumstances. First off, if the company heath plan is administered by a third party it will not matter whether the plan is fully or self-insured and these parties will always be subjected to the Privacy Rule. However, if the health plan is truly self-administered (no third parties), has under 50 total participants, and does not handle protected health information (PHI), then the Privacy Rule will not apply.  Consequently, it is extremely uncommon for a fully insured plan to be subjected to the standards of the Privacy Rule because the relationship between the employer and insurance provider will attempt to eliminate PHI being transferred. Additionally, ERISA requires that if an individual is titled as the “plan administrator” but does not carry out daily functions of the plan then self-administration cannot possibly apply.

            Navigating HIPAA and the complex application to group health plans can be challenging for many businesses and organizations to conceptualize. Therefore, it is essential for employers to select the type of plan that best suits their employee’s needs, but they also need to remain cognizant of the restraints that both ERISA and the HIPAA Privacy Rule attach to group health plans.

FDA Approves Tandem’s Automated Insulin Delivery Technology For Toddlers: Another Step Toward Hybrid Closed Loop Systems in Type 1 Diabetes Management

On November 7, the FDA announced clearance for Tandem’s Control-IQ technology for use by children ages two and older. Control-IQ is a software that inputs glucose readings from Dexcom’s continuous glucose monitor into Tandem’s insulin pumps and, in junction with the user’s insulin-to-carb ratios and daily trends, automatically increases, decreases, and suspends insulin delivery. Previously, the FDA had only cleared children of ages six and older to use Tandem’s Control-IQ.

This advancement represents the latest step toward greater access to hybrid closed loop systems of type 1 diabetes care. Hybrid closed loop systems refer to those like Control-IQ – a device that monitors the user’s blood glucose levels and communicates with an insulin delivery device to adjust insulin dosage autonomously.

Although Control-IQ demonstrates a strong capacity to improve blood glucose control, many diabetes patients lack knowledge and access to the technology. In a recent survey of people with type 1 diabetes by Dexcom, 45% of respondents indicated that they did not know what a hybrid closed loop system was or how it could benefit them.

As the capacity of diabetes care technologies increases – taking the wheel as the decision-maker over the patient – many patients may wonder what would happen if their devices were to make an error and seriously harm them. As of December 2022, the FDA received over 500,000 complaints about the Dexcom G6, Dexcom’s continuous glucose monitoring system (CGM). In late 2019, a woman brought wrongful death action against Dexcom, as her husband’s CGM failed to alert him of his hypoglycemia in time for him to act. This raises concerns for patients with limited capacity to take control and make decisions of their own, including young children and toddlers.

Nonetheless, the FDA’s updated clearance only came after a study released earlier this year showing that hybrid closed loop systems improved blood glucose control for children between the ages of two and five, especially overnight. It also follows recent clearance of Tandem’s Mobi – a smaller, more discrete insulin pump that the user controls from their phone. While Mobi is no more adept at automated insulin delivery than the normal models, intelligence is just one consideration in pursuit of seamlessly integrating diabetes care into the everyday lives of patients. Speaking practically, the aim to eliminate manual blood sugar checks exists because constant self-care is burdensome and exhausting. Likewise, so is wearing equipment all hours of every day. From the perspective of the patient’s daily experience, comfort and algorithmic advancement go hand-in-hand.

FDA clearance is distinct from FDA approval. While approval means that a product or treatment’s benefits outweigh its risks, clearance means that a product or treatment is substantially equivalent to a previously approved version.

That said, even if Tandem’s new products are to earn approval, FDA approval cannot entirely shield a device manufacturer from liability. FDA approval represents a floor for safety standards and is not enough to defeat a claim against a medical device or drug manufacturer on its own. In practical terms, the FDA’s standard gives diabetes patients and their caretakers both reason for ease and concern. On the one hand, one of the major appeals of closed loop technologies is that patients are free to spend less time manually checking their blood sugar and delivering insulin, especially overnight. On the other, ceding control to an algorithm may feel uncomfortable for some patients, especially those that have taken responsibility for their own care for a long time or are otherwise wary of the rapidly advancing technology.

Virginia: An Omen of Things to Come for Anti-Abortion Candidates

On Tuesday, November 7, 2023, voters in Virginia demonstrated the importance of abortion (and thus a pregnant person’s right to choose) when Virginia Democrats retook full control of Virginia’s General Assembly. Prior to the election, Democrats were the majority in the Senate (22-18), while Republicans were the majority in the House of Delegates (52-48). All seats were on the ballot on November 7, and the legislative races for the seats were dependent on candidates’ stance on abortion. For instance, Democratic ads featured abortion more than any other issue, while Republican ads focused on the economy, education, public safety, and parental rights.

As Democrats retook full control of the General Assembly, Republicans will be unable to implement new abortion restrictions, specifically Governor Youngkin’s proposed abortion limit. Prior to the election, Governor Youngkin pledged to sign his proposed abortion limit if Republicans maintained control in the Senate and gained control of the House. Youngkin’s proposed plan is to alter Virginia’s current abortion limit to a 15-week limit after pregnancy except for rape, incest, and saving the pregnant person’s life. Virginia’s current abortion policy is that abortion is legal until viability, defined by the Supreme Court of the United States as “the capacity for meaningful life outside the womb, albeit with artificial aid… [not just] momentary survival.” Throughout the election, Democrats have promised that an abortion ban legislation will not be sent to Governor Youngkin’s desk for the remainder of his term in office. They have gone as far as to state that any legislation to limit abortions is “guaranteed to fail in the General Assembly next year.”

Two big organizations, Think Big America and the ACLU of Virginia, donated a substantial amount of money to Democratic candidates. During the week before the election, Think Big America, a nonprofit group affiliated with Illinois Governor J.B. Pritzker, donated $250,000 to Democrat candidates in the election. The donation was to be allocated as follows: $25,000 each to 4 Democrats running in battleground Senate districts and $150,000 to the Democratic Party of Virginia. The ACLU of Virginia donated just over $1 million to be directed toward direct mail, digital ads, and volunteer outreach to highlight candidates’ positions on abortion in the competitive 5 Senate districts and 6 House districts.

While the ACLU of Virginia’s financial investment was unprecedented in its history for this year’s election cycle, they believed it was necessary as the implications of November’s legislative races would have an effect on abortion access and policy decisions in Virginia. November 7’s election outcome determined whether abortion and reproductive rights will continue to be safe for Virginians, as well as for those from the South who are traveling to Virginia to access abortion care.

Virginia’s election results reverberated elsewhere. On November 7, Ohio voters approved a constitutional amendment ensuring access to abortion and other forms of reproductive health care. The amendment included some of the most protective language for abortion access of any statewide ballot initiative since the Supreme Court ruled on Dobbs.

As demonstrated, there are consequences at the ballot box to candidates’ stance on abortion. Overall, about two-thirds of Americans believe abortion should be legal until 24 weeks, a quarter believe abortion should always be legal, and about 1 in 10 believe abortion should always be illegal. As the 2024 presidential race is underway, Republican candidates differ on abortion, with some arguing for a national 6- or 15-week ban and others arguing that the decision should be left to the states.

Regardless of the Republican party’s course of action regarding abortion bans, Senator Kevin Cramer (R-N.D.) stated, “[t]he people aren’t with us,” acknowledging that the country is not on board with extreme limits on abortion. Despite Republican candidates wavering on their abortion stance, one thing is for certain: abortion will remain a hot topic in the 2024 presidential and congressional races.

Flawed Flow: Unveiling the Gaps in the Safe Drinking Water Act

Amidst an unprecedented U.S. environmentalist movement in the 1970s, Congress enacted groundbreaking legislation to protect the public health and welfare: The Safe Drinking Water Act (“SDWA” or “Act”). Officially signed into law by President Ford in 1974, the SDWA was revolutionary at the time, providing a national “comprehensive regulatory framework” for overseeing the drinking water supply of the country at large. The Act delegates authority to the Environmental Protection Agency (“EPA”) to set standards for drinking water safety and quality. Importantly, the SDWA expressly allows for states to monitor their own compliance with EPA standards, rather than the federal government. The Act requires a two-step process: (1) EPA establishes a maximum contaminant level goal (“MCLG”), creating a strict health-based goal, and then (2) as provided by Section 1412(b)(4)(B), EPA sets a maximum contaminant level (“MCL”), creating the enforceable standard. This is the standard states are required to meet for certain listed contaminants—a list requiring review and revision every six years. 

Though the United States is a leading country in water safety, as much as half of some state populations still drink unregulated water from small systems that slip through the cracks of the regulatory protections enforced by the Act. This is because the SDWA regulates only public water sources, defined narrowly as that providing drinking water regularly to a minimum of 25 people or through 15 service connections for at least 60 days per year. Moreover, state enforcement of the SDWA has also been the subject of much criticism. In 2015, nearly 77 million Americans resided in areas with water systems in violation of the SDWA’s safety standards; however, because the statute requires self-regulation by the states and municipalities themselves, these violations were underreported, leaving many consumers unaware that their drinking water may be substandard. Maybe more concerning is that “nine out of ten violations of the SDWA are not subject to disciplinary or corrective action,” again, likely due to the Act assigning states the burden of regulating themselves.

A more modern concern about the SDWA is that it only regulates an outdated list of contaminants. For example, “PFAS,” broadly known as “forever chemicals,” are harmful human-made substances that are incredibly resilient and persist in the environment over long periods of time. PFAS can be found in a broad range of consumer products, from food to cookware, and even diapers. Thus, it is no surprise that the chemicals have been detected in U.S. air, water, soil, and the bloodstream of the many Americans. Research shows PFAS exposure can be toxic at relatively low concentrations and may result in adverse health effects, such as cancer or developmental delays to unborn children. A recent government study estimates more than half of our tap water across America could contain these toxins. Yet, the public drinking water containing PFAS meets legal standards unless and until EPA explicitly sets an MCL for the contaminant.

Fortunately, in 2021 EPA proposed a rule now in its final stage of approval. The rule includes the authorization to regulate certain PFAS in drinking water by establishing the MCLG and determining the MCL states will be required to enforce. EPA intends to implement the final rule in 2024. Still, for decades there has been effectively no government intervention nor industry regulation on how these toxic chemicals are used. Further, Americans will continue to drink tainted water until the new MCL is officially established–a process that has taken three years and counting. While the SDWA has created a consistent set of rules that still serve as a fundamental standard for ensuring public water safety, its effectiveness and practicality is tarnished by complexities. First, approximately 12% of the US population depends on federally unregulated private wells for drinking water because the scope of the Act is too slim. Second, per the Act, Americans are only protected by an underinclusive list of contaminants that EPA has established MCLs for, which shockingly only requires review once every six years. In sum, Congress should take action to rework the specifics of the SDWA so that it is more inclusive in terms of its scope of what water is regulated, how the federal government oversees state enforcement, as well updating which contaminants are subject to MCLs.

Ensuring Economic Security in Future Pandemics

On September 09, 2021, President Biden issued Executive Order 14,042 (“the Order”). In the Order, President Biden required all executive agencies to include a clause in their contracts stating both contractors and subcontractors would “obey COVID-19 safety guidance issued by the Safer Federal Workforce Task Force.”  On September 24, 2021, the Task Force issued its guidance, which required all contractors and covered employees be vaccinated against COVID-19.

With the World Health Organization rescinding its classification of COVID-19 as a global health emergency in May 2023, you may be wondering why we are discussing the Order. Well, this was not the first global pandemic, and it will not be the last. The first pandemics emerged once hunter-gatherer tribes settled in larger communities, as the formation of these communities, as well as increased agriculture and war, made it easier than ever for diseases to spread. The first recorded pandemic, the Athenian Plague, occurred in 430 BC Athens, and experts predict that there is a 47-57% probability that the world will experience another deadly pandemic before 2050.

Circuit courts around the country are split on whether Executive Order 14,042 was constitutional, with the most recent circuit, the Ninth Circuit, ruling that the Order could stand. In the Order, President Biden asserted power stemming from the Federal Property and Administrative Services Act of 1949 (also known as the “Procurement Act”). The Act was originally signed into law to “increase the efficiency and economy of Federal government operations with regard to the procurement, utilization and disposal of property.” Since its codification, Presidents have used the Procurement Act to require contractors to use immigration status verification systems and to establish paid sick leave for federal contractors.

            The Procurement Act notes that, “[t]he President may prescribe policies and directives that the President considers necessary to carry out this subtitle. The policies must be consistent with this subtitle.” Two Circuits have analyzed this language and created tests to determine whether Presidential orders are consistent with the Procurement Act’s requirements. The Fourth Circuit, in Liberty Mutual Insurance Company v. Friedman, introduced the reasonably-related test, which states that there must be a finding that the executive order’s policies are “reasonably related to the Procurement Act’s purpose.” The D.C. Circuit, in American Federation of Labor and Congress of Industrial Organizations v. Kahn, introduced the sufficiently close-nexus test, which states that the executive order issued must have a sufficiently close nexus to the Procurement Act and the statutory goals of economy and efficiency.

            What we learn from the two tests is that the President’s order must relate back to the Procurement Act’s goals of economy and efficiency in contracting; however, when the next pandemic hits and the Supreme Court has to decide which test to apply when analyzing an Executive Order passed under power granted from the Procurement Act, which test should they choose (granted they do not create their own)? The Court should adopt the D.C. Circuit’s “sufficiently-close nexus” test; all though this test can sometimes be interpreted more leniently than the Fourth Circuit’s “reasonably-related” test, the “sufficiently-close nexus” test’s language and standards are more stringent. When handling health law policy, typically reserved for the states, and vaccinations that could impact millions of people, the Executive branch should be able to decide whether to issue an executive order; however, it should require a serious and sufficient justification.

The End of a Public Health Emergency or the End for Healthcare Access?

            The U.S. Public Health Emergency (PHE) that began at the start of the COVID-19 pandemic concluded on May 11, 2023, ending the temporary policies started in response to the pandemic. These changes have affected the American public in different ways. For those with Medicare, over-the-counter COVID-19 tests are no longer free, and coverage regarding COVID-19 testing and treatment will change depending on the insurance plan. Another change that comes with the termination of the PHE is that COVID-19 vaccines and boosters will continue to be free, but only until the federal stockpile lasts. While these changes might seem obvious as COVID is not as prominent as it once used to be, there are some changes that have negatively impacted underserving a community’s way beyond COVID-19 coverage.

            One of these changes includes Medicaid redeterminations restarting. Continued Medicaid enrollment ended March 31, 2023, and states have restarted Medicaid and Children’s Health Insurance Program (CHIP) edibility reviews. Some patients that usually do not qualify for Medicaid, did qualify during the PHE period. This means that these patients have the dreadful task of finding and transitioning to another type of insurance. Unfortunately, the only insurance option was Medicaid for some of these patients, as they could not afford anything else.

            A direct consequence of the end of the PHE will be the looming loss of Medicaid eligibility for the millions of Americans who come from low-income households. There could be as many as eighteen million enrollees without coverage as a result of the new eligibility requirements. The U.S. Department of Health and Human Services predicts that people of color will lose coverage because of administrative barriers, not because they don’t qualify in many instances

The end of PHE will affect more Black and Hispanic communities since they are twice as likely to be Medicaid recipients. This sudden cut in coverage will only worsen an already failing healthcare system for people of color; this is because the cut in coverage will reduce access to screenings and preventive care for chronic diseases that are more common in people of color, overload already overburdened hospitals with emergency care, and cripple low-income families with medical debt.

 To avoid or lessen all of these inequalities in the healthcare system, states must act as soon as possible. For example, states can market campaigns to encourage citizens to sign up for alternative care that has COVID-19 benefits, as well as communicate with Medicare enrollees so that they at least know their coverage is coming to an end. The state of Colorado has already taken a proactive approach to healthcare insurance by opening enrollment for a program called OmniSalud that assists undocumented residents and individuals with protections through the Deferred Action for Childhood Arrivals program in obtaining affordable healthcare insurance. Communities that lack these kinds of programs should follow suit and protect their most vulnerable residents.

  It is an overstatement to say that COVID has ended when it has not. It is important to remember that moving out of an emergency state does not mean the impact on vulnerable communities has concluded. It is imperative that states enact policies that prevent the worsening of COVID-induced inequities in the most vulnerable communities.