FDA Issues Guidance for Drug & Device Companies’ Social Media Interactions

In June, the U.S. Food and Drug Administration issued two draft guidance documents for the pharmaceutical and medical device industries related to social media. The guidance is part of an asserted effort by the FDA to provide more clarity regarding how drug and device manufacturers may appropriately communicate through Internet platforms.

The first document, Internet/Social Media Platforms with Character Space Limitations—Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices, addresses advertising and promotional communications concerning prescription drugs and medical devices on sites where character space is limited, such as Twitter and sponsored search engine results. The guidance specifies, among other things, that each “tweet” must include both benefits and risks of the promoted drug and should include a hyperlink to a more comprehensive list of risks and side effects.

The other draft guidance, Internet/Social Media Platforms: Correcting Independent Third-Party Misinformation About Prescription Drugs and Medical Devices, addresses how manufacturers may correct certain misinformation posted by independent third parties and in chat rooms. As long as the information appears on a site not controlled by the company, the FDA does not mandate that a company correct the misinformation. If, however, the company chooses to correct the misinformation, they must follow certain protocol as outlined in the guidance.

Manufacturers may submit comments regarding the draft guidance documents to the FDA until September 16, 2014. While the guidance is solely issued for pharmaceutical and medical device companies, all providers must use caution when using social media to promote their services, practice group, a certain procedure, etc. In 2013, the Kentucky Board of Medical Licensure adopted the Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”) that was issued by the Federation of State Medical Boards (“FSMB”). See more on the adoption here.

The unintended consequences of social media can lead to real consequences, as even seemingly innocent and inconspicuous postings and interactions can result in costly and serious repercussions. Inappropriate postings or patient-physician communications can lead to violations of HIPAA and the Kentucky Medical Practice Act, licensing violations, or even fraud and abuse charges (i.e., physicians pay money to third parties to promote their services through online media platforms). The FDA guidance, even if not binding on a particular health care profession, is still informative and can serve as a great reference tool in policymaking.

If you are a health care provider and have questions about drafting or implementing social media policies for your health care organization, contact a McBrayer health care attorney today.

 Molly Lewis

Molly Nicol Lewis is an Associate of McBrayer, McGinnis, Leslie & Kirkland, PLLC.  Ms. Lewis concentrates her practice in healthcare law and is located in the firm’s Lexington office. She can be reached at mlewis@mmlk.com or at (859) 231-8780. 

This article is intended as a summary of federal and state law and does not constitute legal advice.

Leave a comment

Preparing for Round Two, Continued

Earlier this week, information about OCR Phase 2 HIPAA audits was provided. Today, let’s take a look at how to prepare if your entity is selected for an audit:

  • Confirm that a recent comprehensive Risk Assessment has been completed and documented.
  • Confirm that all action items identified in the Risk Assessment have received attention and have been completed (or are in the process of being completed).
  • Verify that policies are up-to-date, including breach notification procedures, notice of privacy practices, and responses to patient requests.
  • Ensure that a current list of business associates (and their contact information) is readily available.

Because Phase 2 does not consist of on-site visits, there will not be an opportunity for dialogue with auditors. Therefore, it is crucial to ensure that documentation alone shows a complete picture of an entity’s compliance efforts. All documents should be carefully reviewed, dated, and signed before turned over to an auditor. While providing extraneous information is not recommended, it is important to double-check that all requested and necessary information is submitted.

Phase 2 audits set to occur in 2016 will focus on the Security Standard’s encryption and decryption requirements, facility access controls, breach reports and complaints. It is never too early to start considering what protocols, training, and procedures will need to be implemented in anticipation of a possible audit related to these items.

In the event you are selected for a Phase 2 audit and have any questions about your responsibilities or what you can do to ensure a smooth process, contact a McBrayer health care attorney today.

Emily Hord

Emily M. Hord is an Associate of McBrayer, McGinnis, Leslie & Kirkland, PLLC.  Ms. Hord concentrates her practice in healthcare law and is located in the firm’s Lexington office. She can be reached at ehord@mmlk.com or at (859) 231-8780. 

This article is intended as a summary of newly enacted federal and state law and does not constitute legal advice.

Leave a comment

Thank you to community health centers for helping keep America healthy!

The Power of Health Centers. National Health Center Week 2014. 21.7 million patients served. 86 million patient visits. 156 thousand staff employed. #NHCW2014. HealthCare.gov.

Leave a comment

Are You Ready for Round Two?

In February 2014, the Health and Human Services Office of Civil Rights (“OCR”) announced its plans to send pre-audit surveys to between 550 and 800 entities during the summer in preparation for Phase 2 HIPAA compliance audits. After collecting information from those surveyed, OCR will select about 400 of those entities for actual HIPAA audits. Those audits will begin this fall – which is quickly approaching.

Of the 400 entities selected for audit, it is anticipated that 350 will be covered entities (further broken down as 232 health care providers, 109 health plans, and 9 health care clearinghouses) and the remaining organizations will be business associates. This is the first time the government will audit business associates. In addition to the increased scope, there a number of ways in which the Phase 1 audits (conducted in 2011 and 2012) differ from the upcoming round:

  • Contractors conducted Phase 1 audits, but OCR staff will primarily conduct Phase 2.
  • Phase 2 audits will target the HIPAA Standards, which the Phase 1 audits yielded high non-compliance numbers. The audits will be broken down by type: 100 entities will be audited for compliance with the Privacy Rule (including Notices of Privacy Practices and patient access to PHI); 100 will be audited on content and timeliness of notifications under the Breach Notification Rule; and 150 will be audited on the risk analysis and management standards of the Security Rule. Business associates will only be audited for risk analysis, risk management, and breach reporting to covered entities.
  • Phase 2 will not consist of on-site visits, but rather desk-audits. Auditors will not have the opportunity to seek clarification or additional data and only data submitted on time will be considered.
  • OCR has indicated that Phase 2 and future audits may be tied to enforcement, whereas the findings from Phase 1 were not used for enforcement purposes.

For more information about the Phase 2 process and how to prepare for a potential audit, visit the site again on Thursday.

Emily Hord





Emily M. Hord is an Associate of McBrayer, McGinnis, Leslie & Kirkland, PLLC.  Ms. Hord concentrates her practice in healthcare law and is located in the firm’s Lexington office. She can be reached at ehord@mmlk.com or at (859) 231-8780. 

This article is intended as a summary of newly enacted federal and state law and does not constitute legal advice.


Leave a comment

Do You Enjoy Our Blog? Nominate Us!

Dear Reader,

The American Bar Association is working on its annual list of the 100 best legal blogs. If you enjoy this blog, we would sincerely appreciate your support by completing a very short “Friend-of-the-Blawg” form found here.   Deadline is this Friday, August 8 at 5:00 p.m. ET.

Thanks so much for your support! We hope you continue to find our articles informative and insightful.

Hands Holding Vote

Leave a comment

DOJ Intervenes In Case Involving ACA’s 60-Day Overpayment Rule

Recently, the Department of Justice (“DOJ”) intervened in a qui tam whistleblower suit in the US District Court for the Southern District of new York, which involves Continuum Health Partners and several Mount Sinai-related hospitals. United States ex. Rel. Kane v. Continuum Health Partners, Inc. et al, (Civil Action, No. 11-2325(ER)). While DOJ intervention in whistleblower cases is not unusual, this case is significant because the DOJ’s complaint specifically alleges that the defendants failed to return Medicaid overpayments within 60 days, as required by the Affordable Care Act (“ACA”). The case is one of the first to explore the issues and interpret the requirements of the 60-Day Rule.

Caduceus Medical Symbol Chrome

Section 6402(d) of the ACA requires “overpayment” to be reported, explained and returned within 60 days after the date on which it is identified or any corresponding cost report was due, if applicable. The term “overpayment” is defined as any funds that a person receives or retains under the Medicare or Medicaid programs to which that person is not entitled. Retention of an identified overpayment is now considered an “obligation” under the FCA, meaning that the government can pursue civil penalties against those who retain such overpayments as “reverse false claims.” The Centers for Medicare and Medicaid Services (“CMS”) issued a Proposed Rule for the 60-day requirement in 2012, but to date, those regulations have not been finalized. See 77 Fed. Reg. 32, 9179-9187 (Feb. 16, 2012). The Proposed Rule indicates that retaining payments past the 60 days can lead to civil monetary penalties between $5,000 to $11,000 per violation, liability for three times the claim’s value (i.e., treble damages), attorney’s fees and/or exclusion from federal health care programs.

In the pending case, the defendant hospitals were billing New York Medicaid as a secondary payor for Medicaid managed care patients enrolled with Healthfirst. The hospitals provided covered services to the enrollees and were obligated to accept Healthfirst’s reimbursement as payment in full. New York law prohibits the hospitals from billing New York Medicaid as a secondary insurer. The erroneous claims were not the fault of the providers, but instead were the result of coding errors by Healthfirst.

After the New York Office of the State Comptroller identified a small number of claims erroneously paid by Medicaid, a subsequent internal investigation was conducted. Robert Kane, an employee in the revenue department, was asked to investigate the issue. Kane determined that potentially 900 claims representing payments in excess of $1 million may have been wrongly submitted, and paid, by New York Medicaid. According to the allegations, he reported his findings in February 2011 and was subsequently terminated.

The hospitals did begin repayment, eventually repaying the full amount. The key issue, however, is whether the hospitals fraudulently delayed the repayments. The DOJ’s position is that the overpayments were identified in February 2011 (when Kane notified executives of the problem), but that repayment was not made until March 2013 and only after the government issued a Civil Investigative Demand.

The ambiguity concerning the “identification” of overpayments is a source of much industry confusion, especially because the proposed definition has not been finalized. The Proposed Rule states that an overpayment has been “identified” for purposes of the ACA when “the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate indifference of the overpayment.” Id. at 9180, 9187.

In light of Kane, it is evident that the DOJ is serious about not only enforcing the repayment rules under the FCA, but also pursuant to the ACA 60-Day Rule. Despite a lack of formalized guidance from CMS, providers must take great care to “identify” potential overpayments promptly and with thorough investigation. And, often whether an overpayment actually exists can be a legal question. Regardless, extreme care must be taken when overpayment is suspected.

If you have a question about overpayment, do not delay – contact a McBrayer health care attorney today.

Lisa Hinkle






 Lisa English Hinkle is a Member of McBrayer, McGinnis, Leslie & Kirkland, PLLC.  Ms. Hinkle concentrates her practice area in health care law and is located in the firm’s Lexington office.  She can be reached at lhinkle@mmlk.com or at (859) 231-8780. 

This article is intended as a summary of federal and state law and does not constitute legal advice.

Leave a comment

You’re Invited To Attend a Complimentary Webinar, “Medicaid: Getting Paid & Keeping It!”

Are you a health care provider familiar with the challenges of getting paid for services rendered? Is Medicaid making it more complicated? Join the McBrayer health care group and Kentucky Primary Care Association for a discussion about the Medicaid reimbursement process — disputes, audits, appeals, reconciliations, payment plans, and everything in between. This 2-part series webinar will help you make sense of Medicaid and put you on the road to reimbursement.

heap of dollars with stethoscope

Session I: Wednesday August 20, 12:00 -1:30 EST (*All registrants for Session I will be automatically registered for Session II.)

  • Overview of the Medicaid Administrative Appeal Process
  • DRM
  • Administrative Appeal of the DRM Decision
  • Elements of the Dispute Resolution Process
  • Administrative Hearing Process
  • Judicial Appeals
  • Settlement
  • McBrayer’s “Top Issues”

Session II: Wednesday August 27, 12:00-1:30 EST

  • Federal Medicaid Audit Authority
  • Overview of the Medicaid Integrity Contractors
  • What To Do if You’re Contacted by a MIC Auditor
  • Opportunities to Contest a MIC Auditor’s Adjustment/Denials/Identification of Overpayment


Questions? Contact Morgan Hall, McBrayer Marketing Director, at (859) 231-8780 or mhall@mmlk.com.

Leave a comment


Get every new post delivered to your Inbox.