Beyond Advance Directives: States Consider New Model for End-of-Life Decision Making


Sixteen states around the country have implemented a new model of advance directives – the Physician Orders for Life Sustaining Treatment (POLST) paradigm – while 27 more states are considering doing the same.  (View a map here.)  POLST provides health care providers with more concrete guidance when determining whether to provide medical interventions to critically ill patients.  Current advance directives are generally documents executed by the patient, while in the POLST model, the physician sets out the patient's wishes for end-of-life care in a written medical order with greater specificity regarding treatment options.  Because of the physician involvement, it is likely that POLSTs will be created for more patients than currently achieved with advance directives.  

Each state may implement a different POLST form to accomplish these goals.  Many are modeled after the POLST form implemented in Oregon, a leader in the development of POLST. 

Legal changes necessary to implement POLST may vary from state to state.  Implementation could come in the form of new state statutes specifically authorizing POLST, new state regulations, or, as suggested by advocates in Florida, obtaining feedback from relevant state agencies as to whether or not existing state statutes or state constitutions already allow physicians to implement POLST forms.

Tags: , ,

Leased Office Equipment Results in $1.2 million HHS Settlement to Resolve Possible HIPAA Violations


Leasing office equipment can provide businesses with many benefits, such as flexibility, favorable tax treatment, and access to the latest technology. However, leasing can also present an unexpected source of liability for entities covered by the HIPAA Privacy and Security Rules. A recent $1.2 million settlement between the U.S. Department of Health and Human Services (HHS) and a New York non-profit managed care plan highlights the importance of conducting a thorough review of the security risks and vulnerabilities of electronic equipment and systems.

A television network purchased a photocopier that had been previously leased by Affinity Health Plan. The network notified Affinity that the copier’s hard drive contained protected health information (PHI), which was apparently not deleted when Affinity returned the copier to its leasing agent. As required under the HITECH Breach Notification Rule, Affinity filed a breach report with the HHS Office of Civil Rights (OCR) and estimated that almost 350,000 individuals may have been affected by the breach.

As detailed in the August 7, 2013 Resolution Agreement, the OCR’s investigation found that Affinity impermissibly disclosed PHI by failing to erase the hard drives when the health plan returned multiple leased copiers. It also found that Affinity’s security analysis failed to take into account the information on the hard drives and that Affinity neglected to implement policies and procedures to prevent the disclosure of PHI when returning the leased copiers. Although the settlement was not an admission of liability, Affinity agreed to pay HHS $1,215,780 and implement a corrective action plan, which in part required Affinity to use its “best efforts” to locate all the hard drives in the leased copiers it returned and safeguard the PHI on the hard drives.

Equipment that is designed to retain electronic information presents special challenges when it comes to HIPAA compliance. It is readily apparent that laptop computers, smart phones, and flash drives are all devices that can store PHI, but it is probably much less obvious that a copier falls in the same category. This settlement provides an additional 1.2 million reasons to motivate a covered entity to perform a thorough security analysis to identify the risks of impermissible disclosures of PHI and to implement and follow appropriate policies, such as encryption or deletion, to protect against such disclosures. In light of the ever-increasing role that computer technology plays in their daily operations, covered entities need to be increasingly vigilant to ensure that protected health information is not unwittingly released.



U.S. Supreme Court tells Hospitals to Say: "Sorry Officer, I need a warrant to draw that patient's blood."


On April 17, 2013, the U.S. Supreme Court in Missouri v. McNeely ruled that in drunk-driving investigations where Law Enforcement Officers ("LEOs") can reasonably obtain a warrant before a blood sample can be drawn, the Fourth Amendment mandates they do so.

A.  The Fourth Amendment Protects Against Unreasonable Searches and Seizures

The Fourth Amendment to the U.S. Constitution states it is the "right of the people to be secure in their persons … against unreasonable searches and seizures."  

According to the Court, a warrantless blood draw is reasonable only if it falls within a recognized exception. Unfortunately for LEOs, the mere dissipation of alcohol in the blood stream is not a recognized exception. 

Therefore, LEOs who either: (a) bring a suspected drunk driver to the hospital; or (b) request a blood draw from a patient in emergency room, will need to: 

(1)  provide the hospital staff with evidence of a search warrant; or 

(2)  provide evidence that an exception to the warrant requirement exists. 

B.  What is a Valid Exception to the Warrant Requirement?

According to the Court, a valid exception to the warrant requirement involves in each case the existence of some additional "special facts," such as:

(1)  the LEO was delayed by the need to investigate an accident and transport an injured suspect to the hospital;  or

(2)  a judge cannot be contacted/reached for a warrant; or

(3)  there is some other life or death situation.

C.  How can a Hospital Comply?

Hospitals must review and revise any "legal blood draw" policies to require:

(1)  that someone in charge of the emergency department request to see (and document the existence of) a warrant for the blood draw; or  

(2)  someone in charge of the emergency department speak with a supervisor of the LEO to verify the existence of the "special facts" showing no warrant is needed; and 

(3)  the emergency department supervisor contact the risk management/legal services department or outside legal counsel to determine whether the "special facts" qualify for an exception to the Warrant Requirement.

Not complying with the new requirements is not an option. The time is now to review and revise policies and staff structure in the emergency department.

Tags: ,

EHR Meaningful Use Audits Come to Florida


As previously reported, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) plans to audit healthcare providers that received incentive payments to adopt electronic health record (EHR) technology.  

We have now received reports confirming that certain provider entities have been audited in Florida regarding these EHR incentive payments.  The OIG targets payments made to providers under both the Medicare and Medicaid incentive programs.

The Medicaid auditors are requesting, among other information:

- Basic licensing and enrollment information;

- Excerpts from cost report worksheets and pages;

- Supporting documentation for EHR incentive payments received; 

- EHR Technology and Security Plan for Safeguarding Technology and Patient Information; and,

- Certification information for EHR software.

In addition, the auditors expect that providers have documented their compliance with program requirements via screen shots taken at the time of the provider’s attestation.  We have confirmed that auditors have asked some physicians to return incentive payments if such documentation is not available.  

What can providers do?

1.  Maintain detailed records relating to the implementation of EHR technology (and updates), including all documentation that supports data submitted in connection with the EHR incentive program.

2.  Periodically check the list of certified EHR products to confirm that your EHR technology is still certified.  Some products have been decertified.

3.  Work with compliance counsel to have your compliance program pre-audited to avoid surprises down the road.


Tags: ,

Florida Insurers Face September 1 Deadline for Consumer Notices about the Affordable Care Act


Earlier this year, the Florida Legislature passed a law requiring health insurers to tell consumers how much of any premium increase for 2014 is caused by various requirements of the Patient Protection and Affordable Care Act.  See Senate Bill 1842 at section 15, amending section 627.410, Florida Statutes.  Last week, the Financial Services Commission adopted a regulation that includes  a template for insurers to use when creating the new notices.  Insurers must use the template and then submit the resulting notices to the Office of Insurance Regulation for informational purposes by September 1, 2013.  

The notices must show the amount of premium increase that is due to the:

  • Cost of new benefits that the plan must offer;
  • Cost of covering pre-existing conditions;
  • New taxes and fees health plans must pay; and
  • Cost of charging the same for men and women and limiting how age can affect premiums.

Insurers must then send the notices to customers who purchase new or renewal individual or small group health insurance effective in 2014.  However, insurers need not provide the notices for plans that are "grandfathered" under the Act.  

The notice is required only for the first issuance or renewal of the policy on or after January 1, 2014, and the notice requirement will be automatically repealed on March 1, 2015.

Healthcare Employers Beware: OSHA Campaign Is Targeting You


On July 16, 2013, the Occupational Safety and Health Administration (OSHA) announced that it is launching a campaign that aims to protect healthcare workers from musculoskeletal disorders (MSDs) related to patient handling.  While this campaign expressly targets the District of Columbia and three nearby states, it is part of a broader campaign by OSHA, unions, and health worker advocates to put increased pressure on inspections in the healthcare industry.

A. Public Citizens' Report:

As part of this effort, the pro-union advocacy group Public Citizen released a July 17th report entitled: Health Care Workers Unprotected emphasizing that: 

(1)  OSHA inspects a disproportionately low number of healthcare entities; 

(2)  more injuries occur in the healthcare sector than any other; and 

(3)  OSHA lacks adequate standards to address healthcare industry-specific hazards related to safe-patient handling, workplace violence and bloodborne pathogens. 

B. Public Citizen's Recommendations:

Based on its Report, Public Citizen recommended that OSHA:

(1)  promulgate a safe patient handling standard to address ergonomic stressors and MSDs that requires the use of engineering controls, lift teams and mechanical lifting devices; 

(2)  promulgate a "zero-tolerance" workplace violence standard that: (a) promotes security plan development; (b) encourages prompt incident reporting; and (c) deters employer retaliation; and  

(3)  amend the current bloodborne pathogens standard to ensure that: (a) employees are consulted during the purchase of sharp objects; (b) that employers’ purchase the best available sharp needle technology; and (c) that employers comprehensively document and continually review all sharp device injury logs.

C. Reading Behind the Lines:

These union-backed efforts follow the release of an April 5, 2013, OSHA letter of interpretation, wherein the agency announced for the first time that employees may select outside union agents to represent them during non-union worksite inspections.

OHSA's April 5th interpretation will undoubtedly encourage unions to get involved in OSHA inspections in non-organized facilities as a means of gaining access to the facility.  

These OSHA developments provide an open door to many union organizers targeting the healthcare industry — an industry sought after by labor organizations in recent years.

Now more than ever, healthcare employers should engage in vigorous compliance with federal and state safety standards.


Avoiding ACA Fraud: Proving Individual Eligibility for Tax Subsidies Available Through Insurance Exchanges in 2014 and Beyond


Under the Affordable Care Act (ACA), certain low- and moderate-income people will qualify for health insurance tax credits beginning in 2014.  The tax credits will be jointly administered by the Internal Revenue Service (IRS) and Department of Health and Human Services (HHS) through the insurance exchanges.  The first open-enrollment period for the exchanges, and thus the first opportunity for individuals to apply for any available tax credits, begins on October 1, 2013, for health coverage that will become effective on January 1, 2014.  A governmental publication issued on August 5, 2013, clarifies the approach that will be taken to thwart fraudulent requests for these tax credits. 

Eligibility for Tax Credit.  U.S. citizens or lawful residents of the U.S. with modified adjusted gross income of between 100-400 percent of the federal poverty line may be eligible for tax credits/subsidies in certain circumstances.  Eligible individuals would have to obtain their health insurance through an ACA exchange, and they must not be enrolled in their employer-sponsored group health plans.  That said, individuals could retain eligibility for a subsidy even if they have access to employer-provided health coverage, but choose to decline it in favor of exchange coverage, so long as that employer-provided coverage is "unaffordable" or does not provide minimum value. The amount of any available tax credit amount will vary based upon actual income levels, as well as available exchange health plan premium costs. 

Substantiating Income Levels to Verify the Amount of Tax Credit. Income eligibility for subsidies will be based on the previous year's income tax returns or certain other documentation such as pay stubs, if no tax form is available.  Centers for Medicare & Medicaid Service (CMS) is a federal agency within HHS.  CMS issued guidance in the form of a two-page question and answer memoranda confirming that for all states utilizing Federally-facilitated exchanges in 2014, all applications for health insurance subsidies, rather than just a random sample of such applicants, will be verified prior to receiving any subsidy.  CMS indicated that in general, for those exchanges, reported income levels within subsidy applications will be confirmed against tax records, Social Security records, or other means such as electronic wage reports supplied by Equifax.   Additionally, CMS reminded applicants (even those in state-run exchanges) that they will be attesting, under penalty of perjury, that they are not providing false or fraudulent information in seeking subsidies. 

Mechanics of Tax Credit.  Applicants for the premium tax credit must affirmatively elect to receive the premium tax credit in advance, if so desired.  This means that exchange participants who are eligible for a subsidy do not necessarily have to wait until their taxes are filed to receive the subsidy for a given year.  This option is anticipated to be popular, given that many people with moderate income may feel financially unable to "front" the full premium amounts.  Individuals requesting their tax credit in advance for 2014 would pay only their allotted portion of the monthly premium costs to their insurer, with the government directly remitting the balance.  Of course, the risk of this approach is that individuals would face repayment obligations if their actual income levels exceeded original projects. Therefore, if applicants prefer to wait until their actual 2014 annual income levels are known, they can remit full premiums to insurers throughout 2014, and then claim their known tax credits when they file their federal taxes for that year.

Reconciliation Process.  Because initial premium tax credit availability is based upon the previous year's income levels, the rules provide for a reconciliation process at the time that the person files a tax return for the year in which the tax credit is received. For the initial 2014 year, this means that any overpayment will be due at the time taxes are filed (in 2015). Conversely, if an individual's income level for 2014 was actually lower than projected, an additional credit would be included within his or her tax refund for 2014.

Directing Individuals to Appropriate Resources.  Employers, group health plan sponsors, and healthcare providers will not be directly involved in the ACA's exchange-based tax subsidy process, or in the income verification process associated with those subsidies.  However, employers are already preparing to transmit Exchange Notices to their employees in advance of the upcoming October 1, 2013 deadline, and should reasonably expect to receive general questions related to the exchanges and potential tax subsidies that may be available to members of their workforce. Employers may wish to direct inquiring persons to some of the many available "premium subsidy calculators" available on the internet.  Also, outreach efforts to affected low income populations by state and federal government agencies is expected to intensify, as we approach the first open enrollment period for the exchanges.

Physician Face-to-Face Encounter Now Required by Medicare for Extensive List of DME Items


Physicians and Durable Medical Equipment (DME) suppliers need to be aware that, effective July 1, 2013, and to be enforced as of October 1, 2013, Medicare requires a physician/patient face-to-face encounter within 6 months prior to the physicians order for an item on an extensive DME list. This type of face-to-face encounter has been required since 2006 for power wheel chairs. This change for DME was first mandated by Section 6407 of the Affordable Care Act. The DME includes hospital beds and accessories, oxygen, nebulizer compressors, CPAP/BiPAP, seat lift mechanisms, manual wheelchairs and others, as noted on the revised DME list issued by the Department of Health and Human Services Centers for Medicare & Medicaid Services (CMS). CMS, through its contractors, will no doubt be conducting future audits and issuing overpayment determinations for failure to comply with these new requirements.
The face-to-face encounter may be conducted by a physician, nurse practitioner ("NP"), physician assistant ("PA") or clinical nurse specialist ("CNS"), who must document that the patient was evaluated and/or treated for a condition that supports the item of DME ordered. If the DME is ordered by an NP, PA or CNS, a physician must document the face-to-face encounter by signing/co-signing the pertinent part of the medical record. Physicians will be provided an additional payment, using code G0454, for signing/co-signing the face-to-face encounter by a NP, PA or CNS.

Tags: ,

HIPAA Update- A Mixed Bag for Covered Entities


System Upgrade?

On July 11, 2013, the Department of Health and Human Services Office of Civil Rights (OCR) announced that it had reached a $1.7 million settlement with managed-care company Wellpoint, Inc., to resolve "potential" violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  The settlement arises out of a computer system upgrade that left the electronic protected health information (e-PHI) of over half a million people accessible to unauthorized individuals.

OCR investigated the breach of unsecured e-PHI after Wellpoint notified the government of the incident.  OCR found that for 4 ½ months in 2009 and 2010 Wellpoint did not adequately implement technology to verify the identity of persons seeking access to e-PHI maintained in its web-based application database.  As a result, Wellpoint impermissibly disclosed the e-PHI, including names, dates of birth, Social Security numbers, and health information, of approximately 612,000 individuals whose e-PHI was maintained in the database.  OCR also faulted Wellpoint for failing to adequately implement policies and procedures for authorizing access to e-PHI maintained in its web-based database and for not performing an appropriate technical evaluation in response to the systems upgrade to verify the authentication protections in the upgrade.  The Resolution Agreement does not require Wellpoint to enter a corrective action plan.   

As OCR says in its press release, this case "sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when the changes involve Web-based applications or portals that are used to provide access to consumers' health data using the Internet."  Business associates and their subcontractors also need to pay attention because, effective September 23, 2013, this warning will also apply to them.

Update on Faircloth v. Adventist Health System/Sunbelt , Inc.

As previously reported on this blog, a former patient in Florida filed a class action suit against a hospital arising out of an alleged wrongful disclosure of patient information.  On July 3, 2013, the judge in Faircloth v. Adventist Health System/Sunbelt, Inc. dismissed the case, finding that Mr. Faircloth's claims were non-starters in federal court.

Faircloth filed his class action lawsuit in federal court alleging that the hospital failed to protect his and other patients' sensitive health information, and thereby violated the hospital's own privacy policies and HIPAA.  However, Faircloth alleged state law claims such as breach of contract, breach of implied contract, unjust enrichment, and breach of fiduciary duty.

The court held that although Faircloth alleged that the hospital violated HIPAA, his case was really based on state law claims and, therefore, there was no basis to be in federal court.  While HIPAA might be the standard of care a health care provider must meet to protect the privacy of patient information, in this case, that standard was merely an element of Faircloth's state law claims.  The judge also repeated what many other courts have said: HIPAA does not create a private cause of action.  The court did not address whether there was a sufficient basis for a class action suit. Also, the court's ruling does not prevent Faircloth from trying to re-file in state court.

Stay tuned because privacy and security breaches like the one experienced by Wellpoint are sure to create litigation opportunities like the Faircloth case, even where the individual does not suffer any quantifiable damages.  Providers and insurers should be alert to the possibility of future civil litigation when they experience a HIPAA breach.

Inpatient or Outpatient Surgery: False Claims or Legitimate Difference in Medical Judgment?


It can be financially costly for hospitals to submit claims for inpatient surgical procedures which can be performed safely and effectively as an outpatient procedure.

The Department of Justice recently announced a settlement in which 55 hospitals in 21 states agreed to pay a total of $34 million for performing kyphoplasty procedures on an inpatient basis rather than as an outpatient procedure.  Kyphoplasty is a surgical treatment for spinal fractures. The procedure can be performed safely as an outpatient procedure, without any need for a costly hospital admission.

Over an extended period of time, Kyphon, Inc., a medical device maker which manufactured a device used in the kyphoplasty procedure, approached numerous hospitals and urged them to admit patients for what traditionally had been an outpatient procedure, so that the hospitals could bill higher facility fees and for other inpatient charges.  Not every hospital approached by Kyphon agreed to the scheme. Some hospitals were outraged and called Kyphon to complain.

But many hospitals did seize on the opportunity to generate additional revenue by admitting patients and having the procedure performed on an inpatient basis.  Those hospitals which succumbed to Kyphon's marketing efforts and performed the procedure on an inpatient basis were forced to pay substantial dollars to settle the government's false claims allegations.

An attorney for the whistle-blowers who initiated the lawsuit said the case "sends a strong message to hospitals, that if you admit patients purely for revenue purposes, the government may catch up with you, and you'll have to pay that money back and then some."

A spokesperson for the American Hospital Association had a different view, urging the government not to use its enforcement power to prosecute the industry for "billing mistakes or legitimate differences in medical judgment."

Tags: ,

Attention Physicians: Your Unsinkable Arbitration Agreement is About to Hit a Glacier


On June 20, 2013, the Florida Supreme Court held in Franks v. Bowers that a medical practice's custom pre-surgery binding arbitration agreement (the "Agreement") was unenforceable because it violated key public policy objectives of Florida's Arbitration Code as well as Florida's Medical Malpractice Act. 

A. What went wrong?

In short, the Agreement was too one-sided. It sought to compel arbitration, limited damages, and removed key requirements imposed on the physician, such as the requirement to admit fault. In other words, too much of a good thing … really wasn't a good thing.

B. It's about the give as well as the take…

The essence of the Court's position was two-fold: (1) that language which contravenes the Medical Malpractice Act's public policy purposes of equity, expediency, and cost minimization may be rendered unenforceable; and (2) that any contract which seeks to enjoy the benefits of the Florida's Arbitration Code, must necessarily adopt each of the Arbitration Code's provisions (and not merely cherry pick the beneficial ones). Paraphrasing Justice Pariente's concurring opinion: If an agreement causes a person to give up the benefit of the right to access to court, such as in binding arbitration, then the person giving up that right must receive an "equal" benefit in return.

C. What should the agreement include, or not include?

While stopping short of developing a structured checklist for each arbitration agreement, the Justices have provided a clear list of do's and don'ts:

DO: Review your current arbitration agreement against Florida's Arbitration Code to ensure that it includes and/or addresses all relevant components. 

DON'T: Attempt to limit the key provisions of Florida's Medical Malpractice Act. These key provisions include:

  1. The relaxed evidence standard; meaning, don't attempt to draft language which seeks to limit the discoverable/admissible evidence in the arbitration hearing; 
  2. Key responsibility and damage provisions, such as the concept of joint and several liability—a provision which extends total damages to each of the several potential defendants to be sorted out between them;
  3. The requirement to pay the arbitration award in a prompt, expedient manner;
  4. The interest penalties for failing to promptly pay an arbitration award; or
  5. The ability of an judge or panel of judges to review the arbitration award upon the showing of some grave injustice (termed by the courts as "manifest injustice").

Those reluctant to revise their current agreements, should take heed: The Court appears clearly opposed to any attempt to impede the "prompt resolution of claims to reduce costs." Therefore, any language that seeks to limit the physician's admission of guilt may have you explaining your case before a jury of your peers. Consider yourself warned: The glacier lies ahead.

Affordable Care Act Update: Pay or Play Delay, and What Does it Say Today?


Late Tuesday afternoon, July 2, 2013, the federal government issued a statement through the US Department of the Treasury, announcing that the controversial employer shared responsibility provisions, coined the 'pay or play' provisions of the Affordable Care Act (ACA) have been delayed for one year.  This pushes the enforcement date of this provision from January 1, 2014 to January 1, 2015.  This portion of the ACA requires employers with greater than fifty (50) employees to either provide health insurance that the employees can afford, or pay a penalty to the federal government for failing to do so.
The release from Mark Mazur, Assistant Secretary of the Treasury for Tax Policy, reads, in part,  as follows:
The Administration is announcing that it will provide an additional year before the ACA mandatory employer and insurer reporting requirements begin.  This is designed to meet two goals.  First, it will allow us to consider ways to simplify the new reporting requirements consistent with the law.  Second, it will provide time to adapt health coverage and reporting systems while employers are moving toward making health coverage affordable and accessible for their employees. 
Mr. Mazur goes on to state that within the next week, the Department of the Treasury will publish formal guidance regarding this change. 
While every political commentator with a pulse has weighed in since this announcement, this provision is not as significant as it first seems.  There are approximately 6 million employers in the United States.  Of those, approximately 200,000 employ more than 50 individuals.  Of that group, approximately 90% to 95% of them already offer health insurance to their employees.  This requirement would affect none of these employers. Rather, only approximately 10,000 employers nationwide would have been impacted by the requirement to offer health insurance. 
While the employer pay or play requirement is not insignificant, it does not affect nearly the numbers of individuals nationwide as other provisions of the ACA. Those other relevant portions of the ACA have not, at least as of yet, been delayed. For example, the provisions that create insurance exchanges in 2014, remain in effect and stand to influence the health care coverage and costs for millions of people.  Also, the individual mandate remains untouched, and it also will impact millions of Americans.  That said, yesterday's announcement does raise some practical questions about how the government will enforce the individual mandate without any reporting mechanism for employers effective for 2014.  Moreover, many commentators have questioned whether the state and regional insurance exchanges will be ready to begin operations as of January 1, 2014, as currently required by the ACA.  It would not be surprising to see the government announce a similar one-year delay in implementation of the individual mandate and the insurance exchanges.  
For more information about the announcement, please see the HR Defense Blog


ACA Cap on Deductibility of Compensation to Health Insurance Carriers' Executives May Have Broad Tax Impacts


Health insurance carriers are keenly aware of many provisions of the Patient Protection and Affordable Care Act ("ACA"). But an often-overlooked ACA provision may actually impact the ability of these insurers and their non-insurance related entities, in their role as sophisticated employers, to take tax deductions for certain compensation paid to their executives.  This change results from the addition of new Section 162(m)(6) of the Internal Revenue Code ("Code"). New Section 162(m)(6), which generally applies for employer tax years beginning in 2013, has a much broader reach than the general deduction limit under Code Section 162(m).  

Past Rules. In general, Code Section 162(m) has limited the amount that a publicly held corporation may deduct for compensation paid to the executive officers named in the proxy statement (i.e., the top five executives) to $1 million per year per executive, with certain exceptions (e.g., performance based compensation). 

New Rules. In contrast, the new Code Section 162(m)(6) applies only to certain health insurance carriers (including HMOs) and their related companies.  It applies regardless of whether the company is public or private, it significantly lowers the cap on the deductible compensation amount to $500,000 per individual and makes no exception for performance-based compensation. It also is not limited to the top five executives; it is applicable to all current and former employees and may apply to some independent contractors.

Companies Subject to New Rules. Health insurance carriers of all sizes are impacted.  Furthermore, the law extends to any employer within a controlled group (regardless of industry) that includes a health insurance carrier.  As a result, this new Code Section 162(m)(6) could have a far reaching impact on many companies who have any sized health insurance entity within their controlled group, and could be a trap for the unwary.  There is an exception to this expansive scope, however.  The rules provide an exemption for certain employers if the employer and members of its parent-subsidiary controlled group collectively meet a "de minimis" standard. To meet this standard for any given tax year beginning in 2013, all health insurance premiums received for providing minimum essential coverage (i.e., group or individual medical coverage needed to satisfy the individual coverage mandate under ACA) must comprise less than 2% of the employer's controlled group's aggregate gross revenue for that year.

Next Steps.  This law is effective for the  current 2013 tax year.  Health insurance carriers and their related companies need to expeditiously consider whether they are covered under Code Section 162(m)(6), as there could be significant tax ramifications.  If you have any questions about these new requirements please feel free to contact any of the attorneys in our Employee Benefits and Executive Compensation practice group.

Supreme Court Rules Pharmaceutical "Pay For Delay" Agreements Are Subject to Anti-Trust Review


The Supreme Court struck a blow for consumers when it ruled the Federal Trade Commission may file suit to prevent pharmaceutical companies from agreeing to pay generic drug manufacturers to keep generic drugs off the market for a specified period of time. Federal Trade Commission v. Actavis, Inc. (June 17, 2013).

The Court ruled that "pay for delay arrangements" or "reverse payments" (payments by a patent holder to an alleged patent infringer for the purpose of keeping the allegedly infringing drug off the market) can have a significant adverse effect on competition and must be reviewed under the "rule of reason" antitrust doctrine to determine if the  arrangement is sufficiently anti-competitive so as to be illegal.

In this case, Solvay Pharmaceuticals had obtained a patent for its FDA-approved brand-name drug, AndroGel.  Subsequently, Actavis, Inc. and Paddock, another drug manufacturer, filed applications for generic drugs modeled after  AndroGel.  In its application, Actavis claimed that Solvay's patent was invalid and that its generic drug did not infringe.  Solvay sued Actavis for patent infringement.

During the pendency of the patent litigation, the FDA approved Actavis' generic product.  Rather than bringing its generic drug to market, Actavis entered into a "reverse payment" settlement agreement with Solvay, pursuant to which Solvay paid substantial amounts to Actavis in exchange for Actavis' agreement not to bring its generic drug to market for a specified number of years.

The FTC filed suit, alleging that the settlement agreement was an unlawful restraint of trade.  The District Court dismissed the FTC's suit, and the Court of Appeals upheld the District Court's decision, concluding that, as long as the anti-competitive effects of the settlement fell within the patent's exclusionary potential (i.e., the settlement agreement would not keep the generic drug off the market for longer than the period of patent protection), the settlement was immune from antitrust attack.

The Supreme Court reversed, holding that, in addition to considering the benefits derived from settlement of a pending patent litigation, the settlement arrangement must also be reviewed in light of antitrust law and policies favoring competition.  More specifically, the Court considered various factors present in this case, including the potential for genuine adverse effects on competition, the fact that a large, unexplained reverse payment suggests the patent holder has doubts about the validity of its patent, and the fact that the parties could settle their dispute   otherwise than by means of a large reverse payment (i.e., the parties could agree that the generic manufacturer could enter the market prior to the patent's expiration).  Taking these factors into account, the Court ruled that the arrangement should be subject to antitrust analysis under the "rule of reason" to determine if the anticompetitive effects outweighed potential benefits of settlement.

The Court's decision is strongly pro-competitive.  It should result in more competition among pharmaceutical manufacturers, and, ultimately, lower drug prices.  A former FTC policy director, in a comment to the New York Times, noted the importance of the decision, saying,  "no other [Supreme Court] decision this term will have as much impact on consumers' pocketbooks."

Health Information Security and the Threat of a Class Action


Stanford University Hospital recently reported that its patients' unencrypted protected health information (PHI) was compromised when a laptop was stolen from the hospital. This should have healthcare organizations evaluating and enhancing efforts to secure patient information. These incidents can form the basis for class action lawsuits, even though the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not create a private right of action for violation. Indeed, in 2011 Stanford was sued in a putative class action for $20 million in connection with an alleged data security breach.

Healthcare IT News reported on June 13, 2013, that  Stanford University's Lucile Packard Children's Hospital is notifying nearly 13,000 patients that their health information was compromised as the result of the theft of a hospital laptop. The laptop reportedly contained patient names, ages, medical record numbers, surgical procedures, names of involved doctors and phone numbers. This is the fifth major HIPAA data breach at a Stanford facility since 2010.

In January 2013, Stanford notified 57,000 patients of a HIPAA breach after an unencrypted laptop containing patient medical information was stolen from a physician's car. Last year, Stanford notified 2,500 patients of the same type of problem when an unencrypted computer was stolen from a doctor's office. In 2010, an employee stole a computer with 500 patients' confidential information; Stanford was fined for allegedly reporting that outside of a state-mandated five-day time frame. Also in 2010, private information for 20,000 Stanford patients was posted to a student website, which resulted in a class action lawsuit seeking $20 million.

Patients and insureds who believe their PHI has been compromised are suing health providers, insurers and other organizations using various theories, including breach of contract and negligence. For example in federal court in Miami, individuals have sued an HMO claiming that their PHI was compromised when two laptops were stolen. That suit, brought as a putative class action, has been pending since 2010. The case involves claims of breach of contract, breach of implied contract, breach of implied covenants, negligence, negligence per se, breach of fiduciary duty and unjust enrichment.

As previously reported in the Akerman Healthcare Rx Blog, a patient filed a class action suit in federal court in Orlando against a hospital that employed two individuals who wrongfully accessed confidential patient information in order to sell it. The patient claims the hospital failed to implement proper safeguards required by HIPAA and has sued on behalf of an alleged class for breach of contract, breach of implied contract, unjust enrichment and breach of fiduciary duty.

Because the theft of PHI and equipment containing PHI is a common source of HIPAA violations, healthcare providers, insurers/HMOs and other organizations in possession of PHI must take appropriate security measures to comply with HIPAA and to reduce the risk of class action lawsuits. This includes completing a risk analysis, developing a written policy and training employees. These entities also should implement device and media controls, such as keeping computers, laptops and other equipment in secured areas, encrypting equipment, and placing tracking on equipment that contains or can access confidential information. Healthcare providers and health insurers are on notice that in addition to facing enforcement actions by the government, they are potential defendants in class action suits if they fail to appropriately secure and protect confidential patient information.  Finally, if PHI has been compromised, the organization should consider providing identity theft protection to all individuals whose may have been affected. Regulatory enforcement agencies may require that the entity offer such protection to these individuals, and preemptively offering it may allow the organization to structure such protection on terms that are more favorable.

Tags: , , , ,

Useful Resources