I have spoken with so many of my clients and colleagues this summer about the HIE statutes, rules and the machinations of the legislature. According to the proposed rules all licensed providers were required to show a good faith effort to join the MyHealth Access Network, the state’s designated Health Information Exchange by July 1, 2023. However, at issue has been a provision allowing exemption of some providers which was less that clear and hotly contested particularly by behavioral health providers. The Governor disapproved those rules on June 23, 2023.

OHCA drafted revised OKSHINE emergency rules, which were approved on July 17, 2023. These emergency rules now establish that, instead of applying for exemption from OKSHINE transmission and utilization requirements, “[a]ll providers that register [for] an exemption shall be granted such exemption and shall not be subject to pay subscription fees and/or connection fees.” Therefore, any healthcare providers who desire OKSHINE exemption status will automatically receive such an exemption after completing OHCA’s OKSHINE Exemption Registration Form. The form may be accessed at this link.

OHCA staff will review submitted forms, and then notify those providers of their OKSHINE exemption status. According to the language of the rule, “[t]he exemption will automatically renew annually unless the provider withdraws their exemption and elects to participate.”

The federal government has declared that the COVID-19 Public Health Emergency (PHE) expires on 5/11/23Many things will occur on that day which I will endeavor to write about in the coming daysI have many clients and colleagues concerned with rules governing telehealth, so I will focus in my first posting for HLO on what may happen to the rules for tele-prescribing controlled substances post-PHEThe DEA and HHS jointly proposed rules early in 2023, largely characterized by institutional providers as burdensome and hindering access to care. The sponsoring agencies interpreted the responses to be overwhelmingly in opposition to the proposed rules, and so the proposed rules were abandoned.  The Ryan Haight Act of 2008, established the requirement that the practitioner prescribing controlled substances via the internet must have conducted at least one in-person medical evaluation of the patient, but the option the statute provided of a special registration requirement for telehealth-limited prescribers was also dismissed as too limitedDEA and HHS have now offered a Temporary Rule to the Office of Management and Budget (OMB) which was available online at federalregister.gov/d/2023-09936 on 5/9/23It seems that the agencies heard and acted upon the demand for continued flexibility for these providers and their patients’ needs. That rule provides that “[t]he full set of telemedicine flexibilities regarding prescription of controlled medications as were in place during the COVID-19 PHE will remain in place through November 11, 2023.”  In addition, a one-year grace period is established for any practitioner-patient telemedicine relationships established on or before 11/11/23 preserving the “full set of telemedicine flexibilities” in place during the COVID PHE. DEA is evaluating comments and preparing for implementation of final regulations.  The temporary rule, in effect until 11/11/24, adds new 21 C.F.R. 1307.41 and 42 C.F.R. 12.1. 

Final Rules have been issued for both the Stark Law (“Stark”) and the Anti-Kickback Statute (“AKS”).  Healthcare providers and their counsel have been awaiting these new rules for some time now.  In the days ahead, Phillips Murrah healthcare counsel will be studying the 627 pages of the Stark Final Rules and the 1,000 pages of the AKS Final Rules in order to advise our clients with regard to these changes.


The Final Rules for Stark establish new and permanent exceptions for value-based arrangements which will apply broadly to care provided for all patients and not just Medicare patients.  Stark will continue to act to limit overutilization of services, fraud and other abuse in the healthcare industry but will offer increased flexibility for current strategies and activities to encourage value-based arrangements, coordination and improvement of care which are both reasonable and beneficial to patients.


The Final Rule includes seven new safe harbors and modifications of four existing safe harbors.  In addition, there is a new exception for Civil Monetary Penalties Act for Beneficiary Inducements.  Of interest to counsel for both physicians and hospitals is the Final Rule’s clarification of Fair Market (“FMV”) as related to physician compensation.  FMV has been a continued troublesome of scrutiny and debate by all participants in the healthcare industry.  Also significant for many healthcare clients are the modifications and clarification of provisions related to cyber security and digital technology.

The following summary of the Oklahoma Johnson & Johnson opioid decision is also published at Lexology.com.

The decision in the non-jury trial, Oklahoma ex rel. Mike Hunter, Attorney General of Oklahoma v. Purdue Pharma L.P. et al was filed on August 26, 2019.  The trial, which lasted for thirty-three days, focused on the State’s sole claim against the defendants for public nuisance under state statute, during which forty-two witnesses were called by the parties and 874 exhibits were submitted into evidence, along with 225 additional court exhibits.

In the first such decision in the United States among a plethora of cases filed across the nation, the Court held that the State had met its burden of proof that the defendant, Johnson & Johnson, was the cause-in-fact of the extensively described injuries and that the harm suffered was the kind recognized by the state law. Purdue and Teva Pharmaceuticals settled prior to trial. The court found no intervening causes to defeat a finding of direct and proximate cause.

Testimony ran the gamut of describing the development of opioids in the 1950s and research and development that occurred from the 1990s until recent years, and it focused on what the Court considered intentionally misleading marketing information and activities. It is noteworthy that the Court included in its findings that there was no opioid epidemic in Oklahoma through the mid-1990s, according to the state Commissioner of Mental Health.

The Court found that “Defendants, acting in concert with others, embarked on a major campaign in which they used branded and unbranded marketing to disseminate the messages that pain was being undertreated and ‘there was a low risk of abuse and a low danger’…designed to reach Oklahoma doctors through multiple means and at multiple times over the course of the doctor’s professional education and career” in the state.  The defendants were found to have deceptively marketed the concepts of “undertreatment” and “pseudoaddiction” in the effort to avoid the “addiction ditch,” to increase the volume of prescriptions and increase use by state physicians.

An Abatement Plan was relied upon to represent the cost of addiction treatment included in the: assessment and treatment at all levels for addicted individuals; supplementary treatment; public medication and disposal programs; screening; Brief Intervention and Referral to Treatment (SBIRT) for all primary care practices and emergency departments; universal screening; pain management program for state Medicaid members; education; naloxone treatment and education; law enforcement and provider licensure agency investigation activities; and perinatal preventive services.

The total yearly costs for remediation as described to the Court for 2019 is $572,102,028.  While State witnesses testified that the abatement Plan will require twenty years, the Court found that “…the State did not present sufficient evidence of the amount of time and costs necessary, beyond year one, to abate the Opioid Crisis.” Oklahoma ex rel. v. Purdue Pharma L.P. et al at 41.

In a news release, counsel for Johnson & Johnson stated that it is confident that it has strong grounds for an appeal of Oklahoma’s opioid decision. This decision is expected to influence the settlement talks taking place in Ohio currently related to thousands of pending lawsuits against twenty-two opioid manufacturers and distributors, including Purdue.

cyber breach artworkHIPAA concerns, established in 1996 and evolving ever since, continue to be a very real compliance concern for healthcare providers. As an example, last year HHS collected $28.7 million from providers of healthcare services and payers for responses to HIPAA data breaches that HHS considered inadequate.

According to Modern Healthcare, this is $5.2 million over the prior high for settlement and penalties reported in 2016.  The data for 2018 may be skewed by the $16 million settlement by Anthem for a breach involving approximately 79 million people. That breach occurred in 2015, and the settlement was record-setting for the Office of Civil Rights.

Changes being discussed by HHS include the possibility of sharing a percentage of civil monetary penalties or monetary settlements with affected individuals; revisions to HIPAA rules that facilitate the additional information demanded by coordinated care, outcome-focused care and value-based payments; and reconciliation of behavioral health care’s 42 CFR Part 2 rules with HIPAA.