Outlook 2024: AI Risks Start to Come Into Focus; Eyes Are on MA Rule, Telehealth Audits

As the use of artificial intelligence (AI) in the administration of health care increases this year, compliance officers should keep an eye out for its evil twin. AI may make it easier for threat actors to evade some of the protections against cyberattacks even as it promises to improve efficiency and compensate for staff shortages.

The thrills and chills of AI will be a focus of 2024, experts say. There’s been a lot of movement in the use of AI platforms to power medical coding, and “2024 will be a watershed moment,” said attorney Kyle Gotchy, with King & Spalding in Sacramento. “A lot of compliance and legal considerations are wrapped up in that.”

At the same time, cybercriminals will increasingly exploit AI to make it harder for health care organizations to thwart phishing, said Barry Mathis, a principal at PYA. “Generative AI will be getting into the cybersecurity world,” he predicts. “2024 will be the year of ‘don’t trust anything and verify it twice.’” Threat actors will use deep fakes to mess with everyone’s heads. “As much as we are thrilled to pull up our phone and say, ‘Write me a country song about missing my wife,’ bad actors are using AI to create email that looks like it comes from the CEO asking for information from your W2,” Mathis said.

Although AI and cyberattacks are two of the more theatrical events on the horizon, many others will unfold (or continue) this year, according to compliance officers, attorneys and consultants. In 2024, the HHS Office of Inspector General (OIG) is expected to start releasing industry-specific compliance program content for various providers and suppliers on the heels of General Compliance Program Guidance (GCPG) it unveiled Nov. 6.[1] Hospitals are laser focused on whether there will be a material improvement in Medicare Advantage (MA) payments, processes and audits now that CMS’s rule on MA policy and technical changes took effect Jan. 1.[2] They also anticipate ongoing audits of post-acute care, cardiac procedures and other high-dollar areas. New price transparency rules took effect and more may be coming because of pending legislation, while the end of 2024 will close out certain telehealth flexibilities.

How much flex CMS will have in the future depends on a forthcoming decision from the U.S. Supreme Court about the fate of so-called Chevron deference. The way it stands, courts generally defer to agencies like CMS when a statute is ambiguous, but that’s being challenged in Loper Bright Enterprises vs. Raimondo, said attorney Andy Ruskin, with K&L Gates in Washington, D.C.[3] “The Supreme Court won’t throw out Chevron deference, but they may say, ‘We no longer should tell you that if a statute is not clear, any rationale an agency puts forward will be upheld as long as it’s not laughable,’” he explained. “The Loper case could really reach down to all interactions with CMS and regulated parties because it will go to what they can do through regulations or guidance. It’s really significant.”

In the enforcement arena, the knives are out for private equity and other investment funds involved in health care companies, experts said. Other targets include MA plans and remote monitoring, but the overarching FCA enforcement picture may be affected by a dissent in a U.S. Supreme Court decision (see story, p. 1).[4]

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field