Burda on Healthcare: Are You Enjoying the Golden Age of Healthcare Regulation?

Oh, to be a healthcare chief compliance officer. Talk about job security. If you haven’t realized it already, you’re living in the golden age of healthcare regulation.

Since I began covering healthcare as a business reporter 40 years ago, all I’ve heard is that healthcare is the most regulated industry in the U.S. I never had any reason to doubt that statement as my main beat and interest over those four decades were healthcare legal topics, primarily the “big three” of antitrust, fraud and tax. I always had something to write about. Throw in quality and patient safety, and I was the busiest reporter on staff.

And that’s true — I was the busiest until health IT and electronic medical records came along. As my friend and colleague Rick Weissenstein said, “What’s the big deal? It’s just computers.” Tell that to Elizabeth Gardner, John Morrissey and Joe Conn, the three best healthcare reporters to ever cover the health IT beat.

But that experience is nothing compared with what confronts a healthcare reporter today whose editor assigned them to the legal or regulatory beat. Where do you even start?

Let’s look at some of the things federal and state legislatures and regulators are trying to regulate, in no particular rank or order other than alphabetical and with no editorial comments from me.

Artificial Intelligence

The White House issued an executive order Oct. 30 on the “safe, secure, and trustworthy development and use of artificial intelligence.” The order includes a long section (Section 8(b)) on healthcare. It directs HHS to create an AI task force that will have a year to “develop a strategic plan that includes policies and frameworks—possibly including regulatory action, as appropriate—on responsible deployment and use of AI and AI-enabled technologies in the health and human services sector (including research and discovery, drug and device safety, healthcare delivery and financing, and public health).”

Cybersecurity

New York proposed new cybersecurity regulations on Nov. 13, for all hospitals in the state. New York Gov. Kathy Hochul said the proposed regulations, which she called “nation-leading,” would help hospitals “establish policies and procedures to safeguard healthcare systems from growing cyber threats.” The proposed regs would require hospitals to develop cybersecurity response plans, regularly test those plans, have chief information security officers and use multifactor authentication to access the hospital’s internal health information systems from any external source. After the state finalizes the proposed regulations next year, hospitals will have a year to comply with the new cybersecurity requirements.

Financial Transparency

Colorado passed legislation that requires hospitals to report a greatly expanded list of detailed financial information to the state’s Department of Health Care Policy and Financing. The department, in turn, will take that information to generate a publicly available report — formerly called the “hospital expenditure report” and now the “hospital transparency report” — for each hospital. Colorado Gov. Jared Polis signed the legislation into law June 2, and the law’s provisions take effect July 1, 2024. Beyond audited financial statements, hospitals must now report transfers of cash, investments and other assets from individual hospitals to their parent health systems, changes in up to 25 major service lines, planned and completed major capital investments, information on physician practice acquisitions and the salary and total compensation of the top five highest-paid executives.

Revenue Cycle

Minnesota passed legislation that places new requirements and restrictions on the billing and collection practices of hospitals. Gov. Tim Walz signed the bill into law in May, and the revenue cycle management rules took effect Nov. 1. The law requires hospitals to screen uninsured patients to determine if they are charity cases and/or eligible for financial assistance. Until hospitals make that determination, they can’t offer a patient a loan or line of credit, accept a credit card payment of more than $500, refer a patient’s unpaid medical bill to collections or deny care to a patient or a member of the patient’s family because they have unpaid medical bills. The law also requires hospitals to post the availability of charity care in common patient areas and in all languages spoken by more than 5% of the hospital’s patient population.

Staffing

Oregon passed legislation that establishes minimum nurse staffing levels for hospitals. Oregon Gov. Tina Kotek signed House Bill 2697 into law Aug. 15. The law creates minimum registered nurse-to-patient ratios for different types of hospital units. In the emergency room, for example, the ratio is one-to-one. On a traditional med-surg floor it’s one-to-five initially then tightens to one-to-four in 2026. Regulations implementing the new law take effect June 1, 2024, according to the Oregon Nurses Association.

Supply Chain

The White House announced a series of initiatives Nov. 27 to “strengthen America’s supply chains, lower costs for families, and secure key sectors.” The actions feature a “presidential determination” to expand the Department of Health and Human Services’ (HHS) regulatory purview over the healthcare supply chain. HHS will be able to leverage the 73-year-old Defense Production Act to incent pharmaceutical companies to make their “essential medicines” in the U.S. HHS also will appoint a new Supply Chain Resilience and Shortage Coordinator “to strengthen the resilience of medical product and critical food supply chains, and to address related shortages.”

The Elephant in the Regulatory Room

I’ll stop there with two caveats.

The first one, and it’s a big one, I deliberately didn’t include federal and state legislative and regulatory efforts to illegally strip or legally codify reproductive health and abortion services rights guaranteed to women under the U.S. Constitution. That battle clearly puts healthcare providers and health insurers in the regulatory crosshairs as collateral damage. But that’s another column if not a book.

Second, I handpicked the six things that federal and state lawmakers and regulators want to regulate to illustrate the breadth of what healthcare chief compliance officers will have to deal with. The six things are really the tip of the iceberg in this golden age of healthcare regulation.

If you want to learn more about what states are up to, I’d recommend the National Conference of State Legislatures’ 2023 legislative recap. If you want to learn more about what the federal government is up to, I’d recommend the Federal Register. It’s a page-turner. There are always lots of new healthcare regulations in there.

The overarching question is why? What’s behind this golden age of healthcare regulation? Why are state and federal governments all over every inch of the healthcare industry?

Enough Blame to Go Around

In a previous 4sight Health column, “This Is a Story About Where Healthcare Regulations Come From,” I suggested that bad behavior or poor performance is the cause of all healthcare regulation. Government steps in when healthcare sectors fail to police themselves. Biased AI algorithms that exacerbate health disparities. Daily cyberattacks and breaches of protected health information. Questionable uses of tax-exempt revenue to benefit private interests. Short staffing that threatens patient safety. Chronic shortages of life-saving drugs. It’s a compelling argument to make.

Philosophically, I’d much prefer fair market competition to heavy-handed government regulation as the catalyst for the customer revolution in healthcare. Viva la revolution more than viva la regulation. But I’d expect more of the latter if I were you as this industry just can’t seem to get its act together.

Thanks for reading.