On January 31, 2024, Saint Peter’s Healthcare System (Saint Peter’s) announced that it entered into a Letter of Intent with Atlantic Health System to create a strategic partnership to fully integrate the two health care systems. Under the terms of the Letter of Intent, Atlantic Health System will invest significantly in Saint Peter’s and its service area, helping St. Peter’s evolve into a comprehensive healthcare system serving central New Jersey communities. Atlantic Health System and St. Peter’s would work together to create synergies between the two healthcare systems, including transitioning Saint Peter’s to Atlantic Health System’s electronic medical record system. The systems would also expand their existing relationship in the Healthcare Transformation Consortium, aimed at providing more accessible health insurance to employees statewide. Saint Peter’s would continue to carry on its Catholic mission and abide by the Ethical and Religious Directives for Catholic Health Care Services.
For years, St. Peter’s has been looking to form a strategic partnership with a larger hospital system. Saint Peter’s had previously entered into a definitive agreement to merge with RWJBarnabas Health System, but that merger failed due to opposition from the Federal Trade Commission, which alleged that a merger between St. Peter’s and RWJBarnabas Health System would reduce competition in Middlesex County, a claim that was subsequently upheld by a federal judge. If consummated, the strategic partnership would greatly expand Atlantic Health System’s reach and impact in New Jersey.
For more information, contact:
John D. Fanburg, Chair | 973.403.3107 | jfanburg@bracheichler.com
Edward Hilzenrath | 973.403.3114 | ehilzenrath@bracheichler.com
On January 8, 2024, the New Jersey Office of the State Comptroller (OSC) announced that RDx Bioscience agreed to pay $2.93 million to NJ Medicaid and RDx and Eric Leykin, the CEO and owner of RDx, agreed to pay $10.32 million to the United States to settle Medicaid overpayment and kickback claims. In connection with OSC’s audit of claims submitted by RDx, Leykin acknowledged that RDx routinely overcharged Medicaid for lab tests, conducted unnecessary lab tests, and lacked documentation for claims, including missing signatures in violation of Medicaid regulations. The settlement with the United States resolved allegations regarding kickbacks paid to induce referrals to RDx for lab testing. RDx is no longer operating.
Leykin also faces criminal charges. In July 2023, Leykin allegedly impersonated a technician to enter a competitor’s lab in order to destroy and steal equipment. As a result, OSC’s Medicaid Fraud Division suspended Leykin and RDx from New Jersey Medicaid while the criminal case is pending.
For more information, contact:
Riza I. Dagli | 973.403.3103 | rdagli@bracheichler.com
Edward J. Yun | 973.364.5229 | eyun@bracheichler.com
Cynthia J. Liba | 973.403.3106 | cliba@bracheichler.com
According to a recent announcement from the United States Department of Justice, Silver Lake Hospital, a long-term care hospital based in Newark, New Jersey, has agreed to pay over $18.6 million, plus interest, to resolve alleged violations of the federal False Claims Act for claiming excessive cost outlier payments from the Medicare program. In addition, several investors in Silver Lake Hospital have agreed to pay $12 million, plus interest, to resolve alleged Federal Debt Collection
Procedures Act (FDCPA) violations for the fraudulent transfer of money by the hospital to its investors.
According to the Department of Justice, from 2018 to 2023, Silver Lake Hospital overbilled Medicare for in-patient services under the so-called “cost outlier” program, designed to incentivize and compensate hospitals for treating patients with unusually expensive care, in violation of the federal False Claims Act. Silver Lake allegedly defrauded the cost outlier payment system by rapidly increasing its charges far more than actual increases in its costs for providing care, thereby receiving excessive payments from Medicare. The Department of Justice further alleged that Silver Lake Hospital transferred millions of dollars to its investors without receiving equivalent value in return, when the hospital knew or should have known that it would not be able to repay its debts to Medicare, in violation of the FDCPA.
For more information, contact:
Keith J. Roberts | 973.364.5201 | kroberts@bracheichler.com
Shannon Carroll | 973.403.3126 | scarroll@bracheichler.com
Paul DeMartino | 973.364.5228 | pdemartino@bracheichler.com
On January 16, 2024, Governor Phil Murphy signed into law the New Jersey Data Privacy Act, P.L.2023, C.266. The new law places certain obligations on “controllers” conducting business in New Jersey or producing products or services targeted to New Jersey residents and on “processors.” Controllers are legal entities that (alone or jointly with others) determine the purpose and means of processing personal data, and “processors” are individuals, entities or agencies that process personal data on behalf of the controller. The law applies to controllers who (i) control or process personal data of at least 100,000 consumers (except personal data processed solely for completing a transaction), or (ii) control or process the personal data of at least 25,000 consumers while deriving revenue or receiving a discount on the price of any goods or services from selling personal data.
In brief summary and in part, controllers must provide a comprehensive privacy notice to consumers containing certain key elements and information, and processors must assist the controller (i) in taking measures to assist the controller in responding to consumer requests, (ii) with security in processing personal data, and (iii) in providing information to the controller to conduct and document data protection assessments.
The law also gives consumers certain rights with respect to personal data, including the right to confirm whether a controller accesses and processes their personal data access, the right to correct, the right to delete, the right to obtain a portable copy, and the right to opt out of processing for certain purposes. “Personal data” is defined as “any information that is linked or reasonably linkable to an identified or identifiable person,” but excludes de-identified data or publicly available information. Additional protections apply to “sensitive data,” which is defined as “personal data revealing racial or ethnic origin; religious beliefs; mental or physical health condition, treatment, or diagnosis; financial information, which shall include a consumer’s account number, account log-in, financial account, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer’s financial account; sex life or sexual orientation; citizenship or immigration status; status as transgender or non-binary; genetic or biometric data that may be processed for the purpose of uniquely identifying an individual; personal data collected from a known child; or precise geolocation data.”
The law will become effective on January 15, 2025 and grants authority to the New Jersey Director of the Division of Consumer Affairs in the Department of Law and Safety to promulgate rules and regulations necessary to implement the law.
For more information, contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com
Jonathan J. Walzman | 973.403.3120 | jwalzman@bracheichler.com
On December 28, 2023, the U.S. Department of Health and Human Services Office of Inspector General, (OIG) issued Advisory Opinion No. 23-15 approving a proposed arrangement where a consultant would pay a referral fee to its physician practice clients if they recommend the consultant to other physician practices.
Under the proposed arrangement, the consultant provides practice optimization services to physician practice clients in exchange for a service fee. The consultant will offer these physician practice clients a $25 gift card if they recommend the consultant’s services to other physician practices and an additional $50 gift card if the recommendation results in a new physician practice retaining the consultant.
The OIG analyzed this arrangement based on three remuneration streams:
1. Gift cards provided to physician practice clients who recommend the consultant’s services to other physician practices. The OIG determined that these gift cards are not given in exchange for referrals, purchases, arrangements, or recommendations of any item or service reimbursable by Federal health care programs.
2. The service fee paid by the physician practice clients to the consultant. The OIG noted that the consultant agreed not to recommend to any client the purchasing, leasing, or ordering of any item or service reimbursable by Federal health care programs.
3. Higher reimbursements under Medicare’s Merit-Based Incentive Payment System to physician practice clients due to consultant services. The OIG found that, although these services might result in increased reimbursement, any remuneration clients may receive is not in exchange for referrals, purchases, arrangements, or recommendations of any item or service reimbursable by Federal health care programs.
For more information, contact:
Carol Grelecki | 973.403.3140 | cgrelecki@bracheichler.com
Edward J. Yun | 973.364.5229 | eyun@bracheichler.com
Vanessa Coleman | 973.364.5208 | vcoleman@bracheichler.com
On February 8, 2024, the U.S. Department of Health and Human Services (HHS), in collaboration with the Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), announced changes to the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2.
This final rule includes the following key changes:
1. Patients may provide a single patient consent for all future uses and disclosures of patient records for treatment, payment, and healthcare operations.
2. HIPAA covered entities and business associates may re-disclose patient records, except that patient records cannot be used in legal proceedings against the patient without specific consent or court order.
3. Patients have the right to an accounting of disclosures, as well as to restrict certain disclosures, consistent with HIPAA.
4. If there is a breach under 42 C.F.R. Part 2, notice must be given that satisfies the same breach notification requirements under HIPAA.
5. HHS’s enforcement authority now includes the imposition of civil money penalties for violations of 42 C.F.R. Part 2.
The final rule aims to enhance coordination among providers treating patients for SUDs, strengthen confidentiality protections, and improve the integration of behavioral health information with other medical records.
For more information, contact:
Joseph M. Gorrell | 973.403.3112 | jgorrell@bracheichler.com
Edward J. Yun | 973.364.5229 | eyun@bracheichler.com
Vanessa Coleman | 973.364.5208 | vcoleman@bracheichler.com
On February 2, 2024, the Substance Abuse and Mental Health Services Administration (SAMHSA), a division of the Department of Health and Human Services, published a final rule significantly updating the regulations governing Opioid Treatment Programs (OTPs) for the first time in 20 years. The final rule makes certain COVID-19 flexibilities permanent by expanding patient access and eligibility to medications for opioid use disorder by providing patients with the ability to initiate treatment via telehealth. Some of the other significant updates adopted in the final rule include allowing mid-level providers to order medications in OTPs to the extent permitted by state law, eliminating the requirement that patients have a history of addiction for a full year before being eligible for treatment, increasing access to interim treatment with or without medication treatment while awaiting further services, promoting patient-centric care, and removing the stigma around treatment by updating terminology to reflect current medical usage.
The final rule goes into effect on April 2, 2024, although OTPs will have until October 2, 2024 to ensure compliance. While finalizing more flexible regulations for OTPs, SAMHSA will continue to maintain accreditation requirements for all programs. The Drug Enforcement Agency (DEA) is expected to release a complementary rule that will pertain to those who are receiving care for substance use disorder but who are not participating in an OTP. It remains to be seen whether the DEA will permanently waive the in-person requirement for the prescription of controlled substances.
For more information, contact:
Isabelle Bibet-Kalinyak, Vice Chair | 973.403.3131 | ibibetkalinyak@bracheichler.com
Richard Robins | 973.447.9663 | rrobins@bracheichler.com
Michael Foster | 973.403.3102 | mfoster@bracheichler.com
On February 16, 2024, the Centers for Medicare & Medicaid Services (CMS) announced plans to establish a Medicare demonstration project aimed at enhancing procedures for identifying, investigating, and prosecuting Medicare fraud within ambulatory surgical
centers (ASCs) that cater to Medicare beneficiaries. Under this initiative, ASC providers would be required to submit comprehensive documentation to their Medicare Administrative Contractors (MACs) demonstrating compliance with applicable Medicare coverage, coding, and payment regulations before providing services. Trained clinical reviewers at the MACs would assess the medical necessity and adherence to Medicare requirements for the requested services. If an ASC provider fails to submit a prior authorization request before rendering the service and submitting a claim to Medicare for payment, the MAC would request the necessary information from the ASC provider to determine if the service meets applicable Medicare coverage, coding, and payment rules before processing the claim.
The specific procedures subject to prior authorization and the geographical scope of the demonstration project remain undisclosed by CMS. Comments from stakeholders are currently being sought by CMS until April 16, 2024. Further details are anticipated in the forthcoming 2025 ASC proposed payment rule from CMS.
For more information, contact:
Isabelle Bibet-Kalinyak, Vice Chair | 973.403.3131 | ibibetkalinyak@bracheichler.com
Jonathan J. Walzman | 973.403.3120 | jwalzman@bracheichler.com
Assembly Bill 1646, reintroduced in the New Jersey General Assembly on January 9, 2024, would establish disclosure requirements regarding prescription drugs and biological product costs. Pharmacy Benefits Managers (PBMs) would be required to disclose information regarding pricing to benefit plan purchasers. PBMs would be required to establish a toll-free telephone number for consumers and pharmacists to use to inquire about plan coverage, pricing, and product safety. Callers would not be permitted to be placed on hold for more than 5 minutes and concerns would need to be resolved within 24 hours. The Bill would establish the Prescription Drug and Biological Product Review Commission. This Commission would have authority to establish a maximum price for drugs or biological products
Assembly Bill A1036, reintroduced in the New Jersey General Assembly on January 9, 2024, would prohibit health insurance payers from using down coding to prevent a healthcare provider from submitting a health benefit claim for the actual services performed. Down coding occurs when a health insurance payer disputes a specific service or argues that a certain diagnosis did not require the specific service code submitted by the health care provider. When down coding occurs, it can significantly reduce revenue for health care providers.
Assembly Bill A3507, introduced in the New Jersey General Assembly on February 5, 2024, would require every hospital that provides inpatient maternity services to maintain both a Baby-Friendly Hospital designation issued by Baby-Friendly USA and a Mother-Friendly Hospital designation issued by the Improving Birth Coalition as a condition of continuing to provide inpatient maternity services.
For more information, contact:
John D. Fanburg, Chair | 973.403.3107 | jfanburg@bracheichler.com
Edward Hilzenrath | 973.403.3114 | ehilzenrath@bracheichler.com
Erika R. Marshall | 973.364.5236 | emarshall@bracheichler.com
On December 7, 2023, the Department of Health & Human Services, Office for Civil Rights (OCR) announced its first-ever settlement involving a cyber-attack that emanated from a phishing scheme. “Phishing is a type of cybersecurity attack used to trick individuals into disclosing sensitive information via electronic communication, such as email, by impersonating a trustworthy source,” and, according to OCR’s Director, “is the most common way that hackers gain access to health care systems to steal sensitive data and health information.”
By way of background, OCR conducted an investigation of a medical group after it filed a breach report with OCR stating that a hacker, through a successful phishing attack, had gained access to an email account containing protected health information, or PHI. Among OCR’s findings were that the group failed to conduct an organization-wide risk analysis to identify potential threats or vulnerabilities to the group’s systems, had no
HIPAA policies and procedures in place, and failed to regularly review system activity. In settling the matter, the group agreed to pay OCR $480,000 and implement a corrective action plan that will be monitored for two years.
On February 8, 2024, Centers for Medicare & Medicaid Services (CMS) issued a memorandum, QSO-24-05-Hospital/CAH, to State Survey Agency Directors on the subject of texting of patient information and orders for hospitals and critical access hospitals (CAHs). The memorandum revises previous CMS memorandum QSO-18-10-Hospital, CAHs Revised.
In the new guidance document CMS advised that:
• Texting patient information and the texting of patient orders among members of the health care team is permissible, if accomplished through a HIPAA compliant secure texting platform (STP) and in compliance with Medicare Conditions of Participation (CoPs), and
• Computerized Provider Order Entry (CPOE) continues to be the preferred method of order entry by a provider.
CMS also reminds providers that, to maintain compliance with Medicare COPs and HIPAA, all providers must utilize and maintain systems/platforms that are secure and encrypted and must ensure the integrity of author identification as well as minimize the risks to patient privacy and confidentiality. This includes the routine assessment of the security and integrity of texting systems/platforms.
For more information or assistance with your privacy and security program, contact:
Lani M. Dornfeld, CHPC | 973.403.3136 | ldornfeld@bracheichler.com
Get to know the faces and stories of the people behind the articles in each issue. This month, we invite you to meet Member Jonathan Walzman and Associate Erika Marshall.
What advice can you share with a client who might need your services?
Communication is key to a successful attorney-client relationship. Be open and transparent about your situation, concerns, and objectives, and clearly communicate your goals and priorities. Whether you are dealing with a transactional matter or a regulatory compliance issue, understanding what you want to achieve will guide our strategy and approach. Legal matters in healthcare can be complex and time-consuming. It is important to stay actively engaged and provide timely responses to requests for information or documents. Your cooperation and participation are essential to achieving your goals. By working closely and collaboratively with your attorney, we can navigate the legal process together and achieve the best possible outcome for your situation.
What are some best practices for healthcare clients?
Stay up-to-date with federal, state, and local laws and regulations governing the healthcare industry and implement policies and procedures to ensure compliance. Always be proactive, and try to identify and mitigate potential risks before a problem materializes. Provide training and education programs for your staff to ensure that staff members are knowledgeable and competent in their roles and responsibilities and do not engage in conduct that can lead to potential liability. Finally, establish a relationship with experienced healthcare attorneys who can provide guidance, advice, and representation on legal matters affecting the practice and consult with them proactively. By adhering to these best practices, healthcare clients can promote legal compliance, mitigate risks, and uphold the highest standards of patient care and ethical conduct within their practices.
What advice can you share with a client who might need your services?
When discussing a potential problem with counsel the best advice is to clearly communicate what you believe the issue at hand to be and what your ultimate goal is. Communicating what you want will enable counsel to advocate for you and your interests while working toward a resolution.
What are some best practices for healthcare clients?
It is important that each owner, partner and member of a business have a general understanding of how their business operates and stay up to date on recent developments and changes in the healthcare sector to ensure compliance.
On February 15-18, Healthcare Law Vice Chair Isabelle Bibet-Kalinyak presented at the “Telling it Like it Is” conference giving an eye healthcare law and practice management update.
On January 31, Healthcare Law Vice Chair Isabelle Bibet-Kalinyak presented a legal and legislative update to the New Jersey Association of Ambulatory Surgery Centers.
On January 11, Healthcare Law Vice Chair, Isabelle Bibet-Kalinyak, Esq. represented Bucks-Mont Eye Associates in its M&A transaction with private equity-backed Vision Innovation Partners (VIP) which closed just before the end of 2023.
Congratulations to Managing Member and Healthcare Law Chair John D. Fanburg for being honored in the 2024 ROI Influencers Power List for Law.
Attorney Advertising: This publication is designed to provide Brach Eichler LLC clients and
contacts with information they can use to more effectively manage their businesses. The contents
of this publication are for informational purposes only. Neither this publication nor the lawyers who
authored it are rendering legal or other professional advice or opinions on specific facts or matters.
Brach Eichler LLC assumes no liability in connection with the use of this publication.
Shannon Carroll | 973.403.3126 | scarroll@bracheichler.com
Riza I. Dagli | 973.403.3103 | rdagli@bracheichler.com
Lani M. Dornfeld | 973.403.3136 | ldornfeld@bracheichler.com
John D. Fanburg, Chair | 973.403.3107 | jfanburg@bracheichler.com
Joseph A. Ferino | 973.364.8351 | jferino@bracheichler.com
Joseph M. Gorrell | 973.403.3112 | jgorrell@bracheichler.com
Edward Hilzenrath, HLU Editor | 973.403.3114 | ehilzenrath@bracheichler.com
Keith J. Roberts | 973.364.5201 | kroberts@bracheichler.com
Richard B. Robins | 973.447.9663 | rrobins@bracheichler.com
Jonathan J. Walzman | 973.403.3120 | jwalzman@bracheichler.com
Edward J. Yun | 973.364.5229 | eyun@bracheichler.com
Michael C. Foster | 973.403.3102 | mfoster@bracheichler.com
Paul J. DeMartino, Jr. | 973.364.5228 | pdemartino@bracheichler.com
Erika R. Marshall | 973.364.5236 | emarshall@bracheichler.com
Roseland, NJ | New York, NY | West Palm Beach, FL | www.bracheichler.com | 973.228.5700
STAY CONNECTED! FOLLOW US 
