Healthcare Organizations are Facing Increased Scrutiny – Here's What You Need to Know

2024 is shaping up to be a very active year for regulatory and enforcement developments in the healthcare industry – developments that concern not just hospitals and nursing facilities, but many non-healthcare companies as well, including technology companies, that engage in business practices that directly create compliance risk for the industry.

The top new regulatory and enforcement initiatives that either have already entered into force or will be forthcoming in 2024 include:

  • New policy initiatives to scrutinize healthcare-related anticompetitive practices
  • Enhanced oversight of private equity (PE) firms’ ownership structures
  • New regulations addressing the use of artificial intelligence in healthcare
  • New healthcare-specific cybersecurity requirements
  • Higher penalties for violations of the Health Insurance Portability and Accountability Act (HIPAA)

In short, 2024 promises to be an especially busy year for chief compliance officers, chief risk officers, and their counsel across many sectors and subsectors of the healthcare industry, especially considering the increased scrutiny healthcare organizations are facing.

This post, the last in a three-part series, will cover the higher scrutiny facing the healthcare industry. To read the full series, you can find the first article on increased enforcement action in healthcare here, and the second on cybersecurity requirements for healthcare organizations here.

With these regulatory and enforcement developments, the U.S. Department of Health and Human Services (HHS) will not be the only agency enhancing its oversight over HIPAA violations and non-compliant patient health and safety practices, generally. Other federal agencies focusing on the healthcare industry will be the Antitrust Division of the U.S. Department of Justice (DOJ), the U.S. Federal Trade Commission (FTC), and the Cybersecurity and Infrastructure Security Agency (CISA) as it relates to cybersecurity practices in healthcare.

Alongside this current wave of regulatory and enforcement initiatives come several new compliance guidance documents as well. Risk and compliance professionals in the healthcare industry will want to use these guidance documents to their benefit to benchmark their compliance programs and stay on the right side of the many regulatory enforcement bodies that will be bringing down the hammer on healthcare-related violations in 2024. This enhanced scrutiny means healthcare organizations should be laser focused on aligning their compliance programs to the guidance documents and adhering to the rules set forth by the agencies that are watching more closely.

Enhanced scrutiny over anticompetitive practices in healthcare

On December 7, 2023, the White House issued a fact sheet announcing new initiatives to enhance scrutiny over anticompetitive practices in healthcare. As part of this collective effort, the DOJ, FTC, and HHS, through a joint Request for Information, will examine how anticompetitive power and control in healthcare adversely impact patient health and safety. The information gained will be used to identify future regulatory and enforcement priorities, according to the fact sheet.

One top priority for the FTC, DOJ, and HHS will be greater scrutiny over “roll-up” deals, whereby PE firms, health insurers, or healthcare providers can gain monopolistic power in the healthcare industry by making a series of small-scale acquisitions. While some illegal roll-up deals might have escaped antitrust scrutiny in the past, that’s likely to change under the 2024 antitrust enforcement regime.

The FTC, DOJ, and HHS have indicated they intend not only to assert a greater oversight role but also to engage in more data-sharing. Leading these efforts will be a newly appointed chief competition officer at HHS and newly appointed counsels of healthcare at the FTC and the DOJ’s Antitrust Division, according to the White House fact sheet.

As Jonathan Kanter, assistant attorney general for the DOJ’s Antitrust Division, warned, “Protecting and promoting competition in healthcare markets is among the Division’s top priorities.” Risk and compliance professionals of PE firms, health insurers, and healthcare providers – particularly those that have engaged in recent roll-up deals – should take heed, as 2024 is poised to be a busy year for new antitrust investigations and enforcement activity.

Enhanced scrutiny over private ownership in healthcare

Private investors in healthcare, especially PE firms, could face the most scrutiny in 2024 with regard to anticompetitive practices. Transparency measures over ownership structures will be a key area of focus. For example, a final rule published by CMS that took effect on January 16, 2024, requires Medicare- and Medicaid-participating nursing homes to disclose “certain ownership, managerial, and other information.”

The information required to be disclosed includes:

  • Each member of the facility’s governing body, including their name, title, and period of service;
  • Each person or entity who is an officer, director, member, partner, trustee, or managing employee of the facility, including their name, title, and period of service;
  • Each person or entity who is an additional “disclosable party” of the facility; and
  • The organizational structure of each additional disclosable party of the facility and a description of the relationship of each such additional disclosable party to the facility and to one another.

CMS indicated that it issued the final rule after receiving information that certain categories of nursing facility owners, including PE firms and real estate investment trusts, “generated concerns about the quality of care that nursing facility residents receive.” According to CMS, “having sufficient data on these owners could help CMS better monitor and hold accountable their nursing facilities,” and these new data collection requirements will assist in achieving that goal.

New policies addressing the use of artificial intelligence in healthcare

On October 30, 2023, the Biden Administration issued an executive order highlighting the U.S. government’s plan for addressing the use of artificial intelligence (AI) across numerous industries, including healthcare.

As part of that broader initiative, the executive order called on HHS to establish an AI Task Force to “develop a strategic plan that includes policies and frameworks – possibly including regulatory action, as appropriate – on responsible deployment and use of AI and AI-enabled technologies in the health and human services sector.”

In an update to that initiative, a White House fact sheet released on January 29, 2024 announced that HHS completed the establishment of the AI Task Force. Next steps will be to develop a strategic plan in the following areas:

  • Development, maintenance, and use of predictive and generative AI-enabled technologies in healthcare delivery and financing, including human oversight;
  • Long-term safety and real-world performance monitoring of AI-enabled technologies;
  • Incorporation of equity principles in AI-enabled technologies and helping to identify and mitigate discrimination and bias in current systems;
  • Incorporation of safety, privacy, and security standards into the software development lifecycle to protect personally identifiable information;
  • Development, maintenance, and availability of documentation to help users determine appropriate and safe uses of AI in local settings;
  • Collaboration with state, local, Tribal, and territorial health and human services agencies to advance positive use cases and best practices for use of AI in local settings; and
  • Identification of AI uses to promote workplace efficiency, including reducing administrative burdens.

The executive order further directs HHS to establish an AI Safety Program that “establishes a common framework for approaches to identifying and capturing clinical errors resulting from AI deployed in healthcare settings.” A central tracking repository also will be created to track “incidents that cause harm, including through bias or discrimination, to patients, caregivers, or other parties.”

To learn more about how NAVEX can help keep your healthcare organization compliant with current and upcoming regulations, check out our solutions for the healthcare industry.
