Akerman Insights on the Latest Developments in Healthcare Law. Akerman's Health Law Rx blog provides timely updates on the latest health law issues to keep our clients, friends, and readers up to date on pertinent legal developments.
The Department of Justice announced on June 27, 2019 that David Brock Lovelace, the owner of DBL Management LLC, was found guilty by a federal jury in the U.S. District Court for the Middle District of Florida of conspiracy to pay healthcare kickbacks and structuring currency transactions to avoid reporting requirements. According to the evidence at trial, Lovelace was paid by a clinical laboratory company for each DNA swab he arranged to be referred to the laboratory. To obtain DNA swabs, the evidence indicated that Lovelace paid kickbacks and bribes to medical clinics located in Miami, Florida in exchange for the referral of swabs obtained from Medicare beneficiaries, without regard to medical necessity. According to the Department of Justice, the clinical laboratory billed the Medicare program over $2.2 million in claims and paid Lovelace a percentage of the Medicare reimbursement it received. Mr. Lovelace is expected to be sentenced on October 2, 2019.
Mr. Lovelace had been convicted previously, in December of 2015, of healthcare fraud, wire fraud, and money laundering, according to an announcement by the Department of Justice dated March 7, 2016. Trial evidence showed that he and co-conspirators paid illegal kickbacks in exchange for access to Medicare patients and Medicare patient information used in the fraud scheme, used forged and falsified documents in the Medicare enrollment process to enroll medical clinics, and billed Medicare for services that had not been rendered by physicians. Lovelace was sentenced to 14 years in prison and ordered to pay $2.5 million in restitution.
There were two phases to the schemes in these two cases. In the first phase of the scheme, from November 2013 to May 2014, the evidence at trial showed that Lovelace paid kickbacks directly to clinic owners. In order to conceal his payment of illegal cash kickbacks, the evidence showed that Lovelace would travel to different ATMs and bank branches throughout Southern Florida to make withdrawals of thousands of dollars in cash in order to avoid filing currency transaction reports required by the U.S. Department of Treasury for individual withdrawals of over $10,000.
In the second phase of the scheme, from May 2014 to November 2014, after his arrest on other charges, Lovelace established shell marketing companies and conspired with nominee owners to facilitate the collection of DNA samples, to make payment of kickbacks to providers, and to receive illegal proceeds from a clinical laboratory. According to the Department of Justice press release, one clinical laboratory was reported to have submitted over $2.2 million in claims for genetic testing and paid Lovelace a percentage of collections received.
It should come as no surprise that healthcare fraud continues to occur even while the federal Medicare Fraud Strike Force is vigorously investigating, charging, and prosecuting individuals and companies engaged in illegal activities. But it should be noted that Mr. Lovelace changed his business model several times. He initially began by submitting false and fraudulent claims to Medicare from three purported medical clinics. When detected, he began employing a laboratory marketing scheme to conceal his fraudulent activities.
Individuals who knowingly and willfully commit healthcare fraud, money laundering, and other related crimes are developing sophisticated and deceptive schemes to accomplish their objectives. In some cases, the provider is not complicit and may be unaware of the criminal enterprise, but may have unwittingly provided information or specimens used to defraud governmental or private payors.
The schemes in the cases described above involved multiple business models and multiple entities with nominee owners to disguise the true nature of the criminal enterprises. In many schemes involving healthcare fraud, there are red flags which should be recognized by providers with a robust compliance program. But con artists can be very disarming and convincing. Providers should consult with their health law attorney before entering into any new arrangement, regardless of whether there is any indication of impropriety.
Governor Desantis recently signed House Bill 831, which will require certain healthcare practitioners to “electronically transmit prescriptions”. Unfortunately, the legislature left this term undefined, creating some ambiguity as to what the law requires. While the legislature likely intended this law to require “electronic prescribing,” the statute does not say that, and therefore the term “electronically transmit prescriptions” could also be interpreted to include the common practice of faxing prescriptions and possibly (encrypted) e-mailing as well.
Florida law had already defined the term “electronic prescribing” in Section 408.0611, FS. Electronic prescribing is defined as:
at a minimum, the electronic review of the patient’s medication history, the electronic generation of the patient’s prescription, and the electronic transmission of the patient’s prescription to a pharmacy. Section 408.0611, FS.
The requirement that practitioners electronically transmit prescriptions only applies to healthcare practitioners licensed by law to prescribe (MDs, DOs, APRNs, PAs, podiatric physicians, dentists, and optometrists) and who:
Maintain an electronic health records (EHR) system; or
Prescribe medicinal drugs as an owner, employee or contractor of a licensed health care facility or practice that maintains an EHR system
This requirement will apply to practitioners at hospitals, healthcare clinics, ambulatory surgical centers, and other licensed facilities which have EHR systems. It is less clear when it applies to practitioners in unlicensed locations with EHR systems (such as exempt healthcare clinics) as well as other entities that may or may not qualify as a “practice.” Clearly, practitioners that use paper medical record systems only will not have to comply.
There are a host of exemptions to the electronic transmission requirement. It does not apply to:
Prescriptions that cannot be transmitted electronically under NCPDP SCRIPT standards
Practitioners granted a one-year waiver by the Department of Health
Practitioners that reasonably determine that it would be impractical for the patient to obtain the drug in a timely manner and that it would adversely impact the patient’s health
Practitioners prescribing drugs under a research protocol
Prescriptions for drugs which FDA requires the prescription to contain elements that may not be included in electronic prescribing
Prescriptions for hospice patients or residents of nursing homes, or
Prescriptions when the prescriber or patient determines that it is in the patient’s best interests to compare prices among area pharmacies and the prescriber documents this in the medical record
The Department of Health, in consultation with the relevant healthcare practitioner boards, may adopt rules implementing the law.
Pharmacists and pharmacies will generally not know if prescribers have an EHR system or meet one of the eight exemptions, above. Thus, pharmacies will need to continue to treat paper prescriptions as valid after the law becomes effective. Presumably, this law does not affect oral prescriptions called in to a pharmacy, but we may have to wait for guidance on this point.
The law takes effect January 1, 2020, but it applies to practitioners on the earlier of their license renewal or July 1, 2021.
The Florida Legislature recently passed HB 369 (the Bill), which would tweak an important provision of the Florida Patient Brokering Act, Section 817.505 of the Florida Statutes (Patient Brokering Act). It seeks to clarify the exception to the Patient Brokering Act which incorporated by reference the criminal provisions of the federal Anti-Kickback Statute (42 U.S.C. S1320a-7b(b)) pertaining to illegal remuneration) (the AKS) and its safe harbor regulations. But the attempt to clarify the exception may have made it less clear.
The applicable exception in the Patient Brokering Act currently states that:
“(3) This section shall not apply to: (a) Any discount, payment, waiver of payment, or payment practice not prohibited by 42 U.S.C. s. 1320a-7b(b) or regulations promulgated thereunder.”
The revision in the Bill enacted by the Legislature on May 3, 2019 states that:
“(3) This section shall not apply to the following payment practices: (a) Any discount, payment, waiver of payment, or payment practice expressly authorized by 42 U.S.C. s. 1320a-7b(b)(3) or regulations adopted thereunder.”
So, what does the change mean? And why was the language changed?
The Summary Analysis of the Bill states that it “[c]larifies the application of the patient brokering statutes to certain payment practices…” Unfortunately, it does not accomplish this objective. The current phrase “not prohibited by [the federal Anti-Kickback Statute]” is somewhat vague in that the federal AKS is intent-based. To determine whether a business or payment practice is “not prohibited”, one would need to analyze the intent of the parties and attempt to apply extensive federal case law to the specific facts and circumstances. But the reference to “or regulations promulgated thereunder” incorporates the federal safe harbor regulations. One interpretation is that if conduct meets the criteria of an applicable federal safe harbor regulation, it will not violate the Florida Patient Brokering Act.
The change to “payment practices”…”expressly authorized [emphasis added] by [the federal AKS]” renders the exception less clear in that the AKS is a criminal statute which prohibits certain business and payment practices. The AKS does not expressly authorize any business or payment practices.
The safe harbor regulations adopted under the AKS describe business and payment practices which would not be subject to criminal prosecution under the AKS. They too do not expressly authorize business or payment practices. In light of the expansive language in the AKS and broad prosecutorial discretion, the safe harbor regulations were adopted to describe business and payment practices that, although they potentially implicate the AKS, would not be treated as a criminal offense under the statute.
The Committee Analysis raises another issue when it states that “[t]he federal provisions only apply to federally funded programs,…” The statement raises the question whether the federal safe harbor regulations to the AKS, by being incorporated into the Patient Brokering Act, apply to business and payment practices applicable to private insurance payors. The Staff Analysis suggests that the safe harbor regulations to the AKS incorporated into the Patient Brokering Act do not apply to patient brokering related to private insurance policies and coverage. The Court in State v. Kigar, No. 16-CF-10364 (Fla. 15th Cir. Ct., Jan 31, 2019) recently held that the AKS, including its mens rea standard, was incorporated by reference into the Patient Brokering Act. The Staff Analysis to the Bill indicated that this decision results in “uncertainty on whether [the Patient Brokering Act] will apply to private insurance-related patient brokering…” Unfortunately, the revisions to the Patient Brokering Act contained in the Bill do not serve to clarify this issue.
If a provider treats patients under both federally-funded programs and patients with private insurance, would the provider be immune from criminal prosecution under federal law but subject to prosecution under the Patient Brokering Act for the same business or payment practice? The Florida Supreme Court has already reviewed a similar issue in the conflict between the Florida Medicaid Anti-Kickback Statute and the federal AKS and determined that the doctrine of implied conflict preemption applies where it is impossible to comply with both the state and federal regulations or where the state law is an obstacle to accomplishing the full purpose and objectives of Congress. [State v. Harden, 938 So.2d 480 (Fla. 2006), cert denied, 127 S.Ct. 2097, 167 L.Ed.2d 812 (2007)]. It should be noted that the Harden case involved a conflict between the Florida Statute governing Medicaid, a joint federal/state program, and the federal AKS which applies to the same program.
While the overall objectives of the Bill may be laudatory, the change to the Patient Brokering Act does not provide clarity to providers seeking to comply and prosecutors and payors seeking to enforce the law. Courts in adjudicating issues raised by litigants may ultimately determine whether the revision has clarified the Patient Brokering Act or whether the Act has raised additional issues in its application to providers who endeavor to comply with both the AKS and the Patient Brokering Act. The Bill was approved by the Governor on June 27, 2019 and takes effect on July 1, 2019.
The Georgia Legislature recently passed House Bill 321 (the Act) adding a new code section (O.C.G.A. §31-7-22), which imposes significant financial and business transparency requirements on certain hospitals in Georgia, including non-profit hospitals. Beginning October 1, 2019, non-profit hospitals operating in Georgia will be required to post links in a prominent location on their homepages. These links must direct the individual to a plethora of detailed information, including, among other items, audited financials, Form 990’s, the salaries and fringe benefits of the facility’s ten highest paid administrative positions and notably, each facility’s completed annual hospital questionnaire. Posting the annual hospital questionnaire will provide an easy to access record on the facility’s populations served, services provided, outcomes, payment sources and staff employed. This information was previously available through a complex database on the Georgia Department of Community Health’s website. Now, it will be available to every visitor to the hospital’s website advancing transparency and setting the stage for increased accountability. Transparency is being embraced at the federal level as well – an executive order is expected to be issued this month to compel disclosure of healthcare prices.
The passage of the Act and the anticipated executive order should be viewed by non-profit hospital boards as a harbinger of future initiatives and an opportunity to adapt their governance systems to best practices in advance of mandates. Over the last twenty-five years, we have seen the fiduciary expectations of directors dramatically expanded by legislation, case law, regulatory action and stakeholder demands. To date, this increased accountability and scrutiny has applied primarily to the boards of public companies, but with the push for increased transparency in non-profits, including hospitals, and with the enactment of the Act, these obligations will likely be imposed on the boards of non-profits as well. Hospital boards should take steps now to implement improved governance practices both to effectively serve the institutions that they are entrusted to oversee (studies have shown that good hospital board governance results in superior performance metrics) and to shield their members from potential fiduciary vulnerabilities.
For years, hospital operations have faced increased regulations and compliance demands, but thus far, the demands have remained below the board “firewall.” Thus, trustees and directors have not borne direct accountability. Historically, public companies regulation was largely the same. Prior to the Enron collapse and enactment of the Sarbanes-Oxley Act (SOX), directors were frequently part of a CEO-centric culture, lending their networks and industry experiences, but rarely participating in independent oversight of company management. In the last twenty years, however, regulations for for-profit and public companies have extended to board activities and caused board culture and practices to shift from a CEO-centric model to a model of increased independent director accountability. Today, for-profit directors are being held accountable, and they act accordingly. Potential board members are carefully considering the increased risk – understanding that board service, while noble, comes with significant personal and reputational risk. The most effective directors require good governance in their organizations, so they can fulfill the duties which are required of them. We have witnessed firsthand directors who were prepared and stood tall when the unthinkable crisis hit their company and others, who had not fulfilled their oversight duties, were left vulnerable when a crisis occurred. The quality of an organization’s board governance practices dictates the quality of oversight and is the first determinate of how well a board will respond in a crisis.
Our work with non-profit boards has confirmed that the old corporate board model of scant oversight too often exists in the non-profit sector. While the Office of Inspector General of the U.S. Department of Health and Human Services (OIG) has provided guidance on compliance programs and board oversight thereof, such programs are frequently siloed and not integrated as part of a comprehensive top down commitment. As non-profit hospital boards are often composed of volunteer leaders whose contributions are primarily fundraising, community stature, political networks, or expertise in the services being delivered, the organizational oversight provided by the board is often limited. As a result, the board chair or an executive committee provide the sole management and outside auditor interface with the remainder of the board having high-level or no involvement in oversight. In light of developing changes, this model is no longer sustainable.
The fiduciary duties of care and loyalty apply equally to the non-profit board and its individual members. While there are federal and state laws, including in Georgia, that serve to limit the liability of non-profit board members, these protections generally only extend to directors that have acted in good faith and using the care of a prudent person. Given current governance trends, the “prudent person” standard likely now requires more attention to governance than previously required. Non-profit boards should take note of the best practices used by corporate boards and begin to install those practices in their organizations to fulfill their duties and mitigate the personal litigation and reputational exposure that may exist if board members fail to carry out their duties. Based on current expectations in the for-profit sector and the OIG’s guidance for an effective hospital compliance program, every hospital director should be actively informed regarding:
oversight, and approval, of long term strategy,
oversight of the hiring, firing and compensation of senior management and the installation of a sound enterprise-wide compensation system,
risk management, ensuring that the proper systems are in place and working adequately to identify and mitigate compliance, data governance (security, privacy, allowable usage) and other significant risks,
establishing an organizational culture, by setting a tone at the top that extends ethical behavior throughout the organization, and
board governance best practices, including the selection, evaluation, accountability and retention of directors.
While some of these obligations are rightfully delegated to board committees or subcommittees, all board members should be kept abreast of the happenings. While the oversight objectives are straightforward, installing best practices to achieve them is not a simple one-size fits all exercise. The practices installed must be tailored to the organization, taking into account not only its history but its culture. The process should be iterative and wide-spread support from both senior management and the board must be garnered. Outside resources are often helpful in this process, as a neutral arbiter to bridge any divides in the applicable stakeholders.
The Act and the anticipated executive order are a demonstrative a signal that, just as has happened in the public company sector, greater demands will be placed on hospital boards. Other states have and will follow suit. Ultimate accountability resides with boards, not management. No longer should hospital board service be viewed just as an honor. It is now an important and challenging job where the right skills and full involvement are critical. Governance practices of non-profits must evolve to meet the changing expectations.
The 8th Circuit Court of Appeals recently handed the Federal Trade Commission another appellate victory in its efforts to curtail anticompetitive mergers in the healthcare industry, affirming the FTC’s earlier District Court victory in Federal Trade Commission v. Sanford Health. The decision follows a number of other recent FTC appellate victories in healthcare merger cases – in the Third, Seventh and Ninth Circuits – over the last several years.
In the Sanford Health case, the FTC (joined by the State of North Dakota), alleged that Sanford Health’s proposed acquisition of a large multi-specialty physician group in Bismarck, North Dakota – Mid Dakota Clinic, P.C. – would have anticompetitive effects. In support of the claim, the FTC alleged that, post-merger, Sanford Health would have a 99.8% market share in the general surgeon services market in the Bismarck-Mandan region, a 98.6% share in pediatric services, an 85.7% share with respect to adult primary care services; and an 84.6% share of the OB/GYN physician services market. Each of these market shares, and the increase in these shares caused by the proposed merger, create presumptions under the FTC/DOJ Horizontal Merger Guidelines that the proposed transaction would have anticompetitive effects.
In response to the FTC’s claims, and in defense of the merger, Sanford Health advanced four main arguments: (1) that market concentration has no relationship to bargaining power in North Dakota (principally because Blue Cross of North Dakota is a “dominant” payor in the state, and can resist any proposed price increase by providers); (2) that Catholic Health – the only other provider of physician services in the region – was poised to expand its services after the merger, ensuring future competition and a subsequent lessening of Sanford Health’s market share; (3) that efficiencies from the merger offset any potential harm to consumers; and (4) that Mid Dakota’s weakened financial condition justified the merger. However, the 8th Circuit rejected each of these arguments.
First, as to the argument that, due to Blue Cross of North Dakota’s size, it could repel any potential price increase from Sanford Health post-merger, the Court noted that a Blue Cross representative had testified at trial that Sanford would, in fact, be able to force Blue Cross either to pay higher reimbursement rates post-merger or be forced to leave the Bismarck-Mandan region (given the need to offer the physician services largely offered only by Sanford to its insureds). In addition, as to Catholic Health, the Court noted that, under the Horizontal Merger Guidelines, new entry must be “timely, likely and sufficient in magnitude, character and scope to deter or counteract the competitive effects of concern,” and conclude – as the lower court had – that Catholic Health’s entry, even were it to occur, would not be timely enough to eliminate potential anticompetitive harm. Third, the Court held that the efficiencies that Sanford Health claimed would be created were, for the most part, not “merger specific” – another requirement under the Horizontal Merger Guidelines – and thus could not counterbalance the FTC’s claimed anticompetitive effects. And finally, as to the claim that the merger was necessary due to Mid Dakota’s failing financial health, the Court noted that evidence in the case suggested that Mid Dakota physicians enjoyed compensation levels 32% above the national average, and that the minutes of a Mid Dakota shareholders meeting at which the proposed merger was discussed indicated that the motivation for the merger was to sell at a high share value, not concern about the long term viability of Mid Dakota. Accordingly, for all of these reasons, the 8th Circuit affirmed the lower court’s decision to enjoin the merger.
As noted above, the 8th Circuit’s ruling continues a recent “winning streak” for the FTC in healthcare merger appeals in various circuits. In addition, the decision also demonstrates the FTC’s continued interest in the competitive implications of physician group mergers (which seems to have increased since the FTC’s successful challenge to a physician group transaction in 2015 – the St. Luke’s Health System case), and the increasing willingness of the federal courts to rely upon the FTC/DOJ Horizontal Merger Guidelines for support for decisions to find that proposed mergers violate the antitrust laws. This last development is significant, given that the Horizontal Merger Guidelines are merely a statement of FTC/DOJ policy in the merger area, and not a binding upon any court. However, as the Sanford Health case demonstrates, the Guidelines are increasingly being used by the Courts as a basis for their decisions in merger cases. Where this may ultimately lead remains to be seen; stay tuned.
Last month, in a unanimous decision, the U.S. Supreme Court ruled that the analysis of the applicable statute of limitations under the False Claims Act (FCA) as set forth in 31 U.S.C. § 3731 is the same regardless of whether the government intervenes in the action or not. While the decision is not likely to affect either the government or relator conduct, it will encourage defendants to expand the scope of discovery to better gauge whether the action may be time barred.
Under the FCA, an action must be brought within: (1) six years of the date on which the violation was committed [31 U.S.C. § 3731(b)(1)]; or (2) three years of the date on which “the facts material to the right of action are known or reasonably should have been known by the official of the United States charged with responsibility to act in the circumstances, but in no event more than 10 years after the date on which the violation is committed, whichever occurs last.”
In the FCA case at issue, the relator brought suit on November 27, 2013 against two companies alleging that they defrauded the government in connection with a Department of Defense contract to provide security services in Iraq from “some time prior to January 2006 until early 2007.” A little less than three years prior to filing suit, during an interview with the government on November 30, 2010, relator disclosed the alleged wrongdoing. Subsequently, the government declined to intervene in the lawsuit and the companies moved to dismiss the complaint as time barred, as it was filed more than six years after the alleged wrongful conduct.
Until this decision, the various circuit courts were divided as to the proper interpretation of Section 3731 and had reached three different conclusions. The Ninth Circuit had ruled that Section 3731(b)(2) applies in non-intervened cases, and the statute of limitations period begins to run when the relator knew or should have known the relevant facts. The Fourth and Tenth Circuits, however, found that when the government declines to intervene, only Section 3731(b)(1) applies and the relator must file a complaint within six years after the violative conduct. Finally, unlike the Fourth, Ninth and Tenth Circuits, the Eleventh Circuit found that in non-intervened cases, the statute only begins to run from when “the official of the United States charged with responsibility to act in the circumstances” knew or should have known of the violative conduct.
The Court found that the appropriate interpretation was that of the Eleventh Circuit, and ruled that in non-intervened cases, the statute of limitations will begin to run from when the appropriate government official had or should have had knowledge of the fraudulent conduct. In delivering the opinion, the Court chose to leave open the question of who qualifies as the appropriate “official of the United States” under Section 3731(b)(2). The decision only ruled out a private relator as the appropriate “official” under the statute.
Nonetheless, in light of this decision, defendants will be wise to seek extensive discovery on the timing and subject matter of information provided to government officials in order to refute a relator’s reliance on Section 3731(b)(2)’s ten year limitations period and dismiss the case for failing to meet the shorter three year statute of limitations.
With an overwhelming amount of bi-partisan support, on May 7, 2019, Georgia enacted the Pharmacy Anti-Steering and Transparency Act, O.C.G.A. §26-4-119 (the GA Act). The GA Act goes into effect as of January 1, 2020.
As healthcare providers are well aware, prohibitions against self-referrals are not new – federal and state laws prohibiting self-referrals by physicians and other healthcare providers have been in place for decades (e.g., federal Stark Law; Anti-Kickback Statute). However, many pharmacy benefit managers (PBMs) and insurers have leveraged their affiliations with pharmacies to steer patients to their affiliated pharmacies without much regulatory oversight or transparency resulting in increased profits for the PBMs and insurers and negatively impacting patient choice and quality of care. The GA Act seeks to address these issues by imposing self-referral and anti-steering prohibitions against pharmacies affiliated with PBMs and insurers.
Purpose and Goals
The GA Act was enacted to achieve three primary goals: (1) ensure the delivery of high quality patient care with respect to prescription medications; (2) allow patients to choose their pharmacies; and (3) increase transparency.
During the legislative session, Rep. David Knight (a sponsor of the GA Act) highlighted that PBMs and insurers are data mining patient data to steer patients to pharmacies affiliated with such PBMs and insurers resulting in limited patient choice, waste of resources, increased costs, and lower quality of care to patients.
A pharmacist and oncologist testified about PBM-owned pharmacies. As stated in testimony, these PBM-owned pharmacies mandate that patients only use certain mail-order pharmacies to fill their prescriptions. This mandate effectively strips patients of proper access to healthcare professionals to address chronic illness and manage medications. The professionals described how these rules negatively impact patient care by, for example, not providing any services for management of medications by a pharmacist or other healthcare professional, consistent incorrect dosages or incorrect medications being shipped by mail-order pharmacies, medications requiring refrigeration sitting on doorsteps for hours, and prolonged delays in receipt of medications when immediate treatment is needed.
In an attempt to address these concerns and promote transparency, the GA Act prohibits a pharmacy licensed or holding a non-resident permit in Georgia (GA Pharmacy), from:
Transferring or sharing any records regarding prescription information containing patient or prescriber identifiable data to, or from, an “Affiliate” for any commercial purpose (i.e., non-patient care purpose). The foregoing prohibition does not apply to the exchange of prescription information between a pharmacy and its Affiliate for the limited purposes of pharmacy reimbursement, formulary compliance, pharmacy care, public health activities otherwise authorized by law, or utilization review by a healthcare provider.For purposes of the GA Act, an “Affiliate” means a person licensed as an insurer in Georgia which, either directly or indirectly through one or more intermediaries: (A) has an investment or ownership interest in GA Pharmacy; (B) shares common ownership with a GA Pharmacy; or (C) has an investor or ownership interest holder in a GA Pharmacy.
Presenting a claim for payment to any individual, third-party payor, affiliate, or other entity for a service furnished pursuant to a “Referral” from an Affiliate. The foregoing prohibition does not prohibit referrals from an Affiliate for limited distribution prescription drugs requiring special handling and not commonly carried at retail pharmacies or oncology clinics or practice.For purposes of the GA Act, a “Referral” means: (A) ordering of a patient to a pharmacy by an Affiliate either orally or in writing, including online messaging; (B) offering or implementing plan designs that require patients to utilize Affiliated GA Pharmacies; or (C) patient or prospective patient specific advertising, marketing, or promotion of a GA Pharmacy by an Affiliate.
The GA Act requires a GA Pharmacy to annually file with the Pharmacy Board a disclosure statement identifying all of its Affiliates (the Annual Disclosure).
Additionally, an Affiliate of a GA Pharmacy may include in communications to patients and prospective patients, information regarding its Affiliated GA Pharmacy(ies) and prices as long as the Affiliate also includes information regarding eligible non-Affiliate pharmacies in such communications and such information is accurate.
The GA Act does not:
Prohibit a pharmacy from entering into an agreement with an Affiliate to provide pharmacy care to patients as long as the pharmacy: (a) does not receive Referrals in violation of the GA Act; and (b) submits the Annual Disclosure.
Apply to any licensed group model health maintenance organization with an exclusive medical group contract, which operates its own pharmacy licensed under Georgia law.
Apply to any hospital or related institution.
Apply to any referrals by an Affiliate for pharmacy services and prescriptions to patients in skilled nursing facilities, intermediate care facilities, continuing care retirement communities, home health agencies, or hospices.
Apply to any GA Medicaid care management organizations.
Violations of the GA Act by the GA Pharmacy are grounds for disciplinary actions by the Pharmacy Board. (e.g., suspension or loss of license). However, a pharmacist who fills a prescription in violation of the GA Act’s prohibitions is not subject to any liability under the GA Act.
As Georgia leads the way in prohibiting self-referrals by PBM and insurance affiliated pharmacies in its effort to increase patient choice, quality of care, and promote transparency in this segment of the healthcare industry, we will continuously monitor developments in Georgia through its implementation process and in other states.
Until recently, the annual limit for civil monetary penalties (CMP) that could be levied against covered entities and business associates in violation of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act, and their implementing regulations, as amended from time to time (collectively, HIPAA) was $1,500,000. On April 30, 2019, the U.S. Department of Health and Human Services (HHS) released a notice of enforcement discretion lowering the annual CMP caps for certain types of penalties imposed for violating HIPAA. Given 2018 was HHS’ all-time record year for HIPAA enforcement ($28.7 million in penalties collected), the new annual caps seemingly appear to provide relief to covered entities and business associates. The reduced annual caps certainly lower the financial risks for covered entities and business associates that have taken steps to meet HIPAA’s requirements.
However, covered entities and business associates should not get too excited because the reduction in the annual CMP caps are limited in many ways, including, as follows:
Only Apply to Identical Violations – the annual limit only applies to identical violations; if a HIPAA breach involves violations of different HIPAA provisions, the annual CMP cap would not apply. For example, as evidenced in the recent HIPAA settlement with Touchstone Medical Imaging, LLC (Touchstone) for $3,000,000 on May 6, 2019, most settlements and enforcement actions involve violations of more than one HIPAA provision.
In 2014, the Office of Civil Rights (OCR) opened an investigation after receiving a complaint alleging social security numbers of Touchstone’s patients were exposed online through an insecure file transfer protocol (FTP) web server. OCR discovered that Touchstone violated numerous provisions of HIPAA beyond the impermissible disclosure of the PHI of over 300,000 patients through the insecure FTP including, for example, the failure to: (i) implement technical policies and procedures to limit access to persons with rights to access the FTP server; (ii) enter into business associates agreements with its information technology vendors; and (iii) conduct an accurate and thorough risk assessment.
The recent Touchstone settlement highlights that although the decrease in the annual penalty caps for certain violations may provide some relief to covered entities and business associates, this relief is limited. Like in the Touchstone settlement for $3,000,000, HIPAA fines can add up very quickly because, more often than not, HIPAA breaches involve more than one HIPAA violation.
Apply on a Cumulative Basis – the annual limit for identical violations will apply on a cumulative basis if HIPAA violations occur over multiple years (e.g., five (5) separate HIPAA violations without knowledge occurring over a five (5) year period would result in a potential cumulative penalty of $625,000 ($25,000 * 5 HIPAA provisions * 5 years).
Subject to Inflation – the annual limits are subject to inflation with the last applied adjustment in 2018.
Minimum Penalty Per Violation
Maximum Penalty Per Violation
Annual Limit for Identical Violations
Inflation Adjustment: $114
Inflation Adjustment: $57,051
Reasonable cause (i.e. knew or should have known about the violation had reasonable due diligence)
Inflation Adjustment: $1,141
Inflation Adjustment: $57,051
Inflation Adjustment: $114,102
Willful neglect, but violation corrected within 30 days
Inflation Adjustment: $11,182
Inflation Adjustment: $57,051
Inflation Adjustment: $285,255
Willful neglect and failure to correct the violation within 30 days
Inflation Adjustment: $57,051
Inflation Adjustment: $57,051
Inflation Adjustment: $1,711,533
HHS intends to utilize this new tier structure until further notice and will engage in future rulemakings, which we will continue to monitor for future updates.
In summary, covered entities and business associates should curb their enthusiasm for the reduced HIPAA annual limits as HIPAA compliance efforts continue to be critical to avoid potentially hefty HIPAA fines.
For further assistance on HIPAA compliance, contact one of Akerman’s healthcare attorneys.
In the closing days of this year’s legislative session, the Florida House and Senate came to agreement on statutory language that adopts the parameters for telehealth for Florida. HB 23, sponsored by Representative Clay Yarborough, establishes a statutory basis for telehealth services, provides meaningful definitions of the terms telehealth and telehealth provider, and creates Section 456.47 Florida Statutes which provides the standards of practice under which all telehealth providers must operate. HB 23 further creates Sections 627.42396 and 641.31 relating to certain reimbursement requirements for contracts between health insurers, health maintenance organizations, and telehealth providers. Notably absent from this bill is earlier language that provided for a tax credit and a requirement of payment parity for out-of-state and in -state services.
In accordance with the bill’s definition, a telehealth provider is any individual providing healthcare and related services that uses telecommunication technology, exclusive of audio-only telephone calls, email messaging, and facsimile transmissions, to provide healthcare and related services to individuals in Florida. Such services include, but are not limited to the assessment, diagnosis, treatment, and monitoring of patients in need of care. The bill further states that out-of-state telehealth providers must be appropriately licensed by some other state, register with the Florida Department of Health, maintain professional liability coverage, and pay an initial registration fee of $150, among other requirements.
Among the restrictions provided for by HB 23, a telehealth provider is prohibited from opening an office or providing in-person services in the state. As well, telehealth providers may not use telehealth to provide controlled substances, unless specified for treatment of a psychiatric disorder, as part of an inpatient treatment at a hospital licensed under Chapter 395 Florida Statutes, or for a patient receiving treatment in a hospice, or nursing home.
Absent veto by Governor DeSantis, HB 23 is likely to be of significant benefit to the State. Upon becoming law, the bill is likely to significantly increase access to care in both rural and urban areas where physician availability is problematic. HB 23 is scheduled to take effect on July 1, 2019.
Akerman is pleased to be able to offer this timely update to you, and stands willing to discuss this bill further should you need additional information.
In a somewhat surprising move, on April 29, 2019 the Florida Legislature passed legislation (HB 21) that repeals the state’s “Certificate of Need” (CON) laws with respect to general hospitals and tertiary services. Such laws, which are in place in many states, typically prohibit a healthcare provider from expanding its services and from entering new markets absent its ability to demonstrate to state regulators that there is an unmet need for such services in the target community. The Legislature’s action comes during the last week of the legislative session, and after numerous unsuccessful efforts to pass such legislation over the last several years. HB 21 now goes to Governor DeSantis for approval, and if signed, general hospitals and providers of tertiary services will be free of this requirement beginning in July (the legislation also provides that specialty hospitals will no longer be subject to the CON law starting in 2021; at least for now, nursing homes and hospices would still be subject to the CON regulations).
Notably, the passage of this legislation in Florida comes after the federal government aggressively pushed the states to repeal their CON laws late last year. Specifically, in December, the U.S. Department of Health and Human Services issued a report – “Reforming America’s Healthcare System Through Choice and Competition” – that argued that the existence of such laws has been a significant cause of escalating healthcare costs. In response to that report, legislation was introduced earlier this year in Florida (and several other states) to repeal their CON laws.
As explained in the HHS report, CON laws arose in response to a 1974 federal law that required the states to enact such legislation in order to obtain federal funding. However, this obligation was repealed in 1986, and since then, federal regulators have become increasingly opposed to the continued existence of state CON laws. In addition to the HHS report, the DOJ Antitrust Division and the Federal Trade Commission have repeatedly maintained that such laws raise “competitive concerns” and that “the evidence does not suggest that CON laws have generally succeeded in controlling costs or improving quality” of healthcare. The FTC has also testified in support of the repeal of state CON laws, consistently arguing that they “create barriers to entry and expansion” of services and that they potentially “suppress more cost-effective, innovative and higher quality healthcare options.” The FTC has also contended that CON laws can be “exploited by competitors seeking to protect their revenues” and that they may “facilitate anti-competitive agreements” among existing providers. On the other hand, CON advocates maintain that such laws help to ensure that care is offered in areas of the state that might otherwise be ignored, and that existing facilities have adequate volume to enhance the quality of the services they provide.
With passage of HB 21, CON repeal efforts now move on to the other states where such legislation has been introduced, including Alaska, Georgia and South Carolina. Whether CON repeal proponents in those states will achieve similar success to that achieved in Florida remains to be seen. Stay tuned.