Welcome to this week's edition of the Health Law Update. Topics covered today include:
We hope you find this information helpful. Please contact any member of BakerHostetler's Healthcare Team with questions.
A MESSAGE FROM DONNA CLARK AND DARBY ALLEN ON THE A TO Zs OF STARK LAW COMPLIANCE
Healthcare providers, particularly physicians and hospitals, regularly engage in business arrangements that may implicate the federal self-referral law, known as the Stark Law. Recent changes to the Stark Law, including changes to the whole hospital exception, disclosure requirements for certain imaging services and under arrangements issues, each require careful consideration from providers. Providers have multiple targets on their backs as enforcement actions for Stark Law violations may be initiated by the U.S. Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS), HHS Office of Inspector General (OIG), U.S. Department of Justice (DOJ) and whistleblowers in False Claims Act litigation. In 2011, healthcare fraud enforcement efforts on the whole recovered nearly $4.1 billion. In this aggressive enforcement environment, healthcare providers should scrutinize their business relationships for compliance with the Stark Law. To that end, the following A to Zs of Stark compliance provide an overview of the law and identify key issues that healthcare providers face.
A- Any benefit offered to a physician or immediate family member potentially implicates Stark
B- Benefits include financial relationships ranging from compensation to ownership/investment interests
C- Cannot refer Medicare or Medicaid patients for designated health services without an exception if a financial relationship exists
D- Designated health services (DHS) include most ancillary services, post-acute services, including home health and durable medical equipment and inpatient and outpatient hospital services
E- Exceptions are available for compensation arrangements and ownership/investment interests
F- Fair market value compensation is required for all financial relationships
G- Group practices need to be evaluated for compliance
H- Have all arrangements reviewed/evaluated
I- "Immediate family members" include spouses, parents, children, siblings, in-laws, grandparents and grandchildren, among others
J- Justify all payments for items or services as fair market value
K- Kickback law violations also might apply when Stark is violated
L- Liability for violations for each claim includes civil monetary penalties of up to $15,000, three times the claim amount, and exclusion
M- Medicare and Medicaid referrals are the only referrals prohibited by statute
N- No intent is required for a violation
O- Only financial arrangements that meet an exception escape liability
P- Physicians subject to Stark include MDs, DOs, DDSs, podiatrists, optometrists and chiropractors
Q- Question whether terms are commercially reasonable for each arrangement
R- Referral of Medicare patients is prohibited if it involves DHS unless an exception is applicable
S- Self-disclosure is an avenue for resolving potential liability
T- Terms of at least one year are required for most leases and other contracts
U- Unless an arrangement meets every component of the exception, the referral will be prohibited
V- Volume or value payments for items or services are prohibited
W- Written agreements are required for most exceptions
X- "X-pired" contracts fail to comply, and expose parties to sanctions
Y- You need a general understanding of the law to avoid liability
Z- Zillions of dollars may be at stake!
These A to Zs provide a starting point for providers to evaluate their Stark Law compliance. Because the Stark Law is a strict liability statute, each unique arrangement should be closely evaluated to avoid an unintentional violation of the law that could result in a significant penalty. Not only is it important to consider the Stark Law when entering into a new arrangement, but compliance reviews should be conducted periodically to ensure that the arrangement is implemented as planned.
If you need assistance with Stark Law issues, please contact Donna S. Clark at firstname.lastname@example.org or 713.646.1302 or Darby C. Allen at email@example.com or 713.646.1311.
top of page
PLEDGES BY DEBTORS TO NONPROFITS MAY NOT BE ENFORCEABLE AFTER BANKRUPTCY
Is a bankrupt pledgor legally bound to fulfill its promise to pledge a gift; or will a nonprofit have a successful claim against a pledgor if there is a subsequent failure to make payment because of a bankruptcy filing? A district court in Arizona recently held that St. Joseph’s, a nonprofit hospital, did not have an enforceable claim in Bashas’ Inc.’s bankruptcy for Bashas’ $50,000 charitable pledge because of Bashas’ bankruptcy. In re Bashas’ Inc., 2012 WL 5289501 (D. Ariz. Oct. 25, 2012). The decision, if followed elsewhere, could present concerns for nonprofit organizations.
The District Court’s Reasoning
The district court found that St. Joseph’s did not have a valid claim for breach of contract or promissory estoppel. The court explained, in sum, that Bashas’ charitable pledge was not supported by consideration (as required for a valid contract), St. Joseph’s did not rely on the pledge (as required for a claim for promissory estoppel) and this was not a case in which injustice can only be avoided by enforcing the pledge. To the contrary, the district court felt enforcement of the pledge would have been the true injustice. The court characterized St. Joseph’s efforts as "greedy" because, though the pledge was made when the debtor could pay, now that Bashas’ was in bankruptcy, it was inappropriate for St. Joseph’s to pursue payment. If St. Joseph’s were successful, it would harm Bashas’ creditors, those who actually provided goods and services. Indeed, the court felt that a decision enforcing St. Joseph’s claim would deter future pledgors from ever wanting to make a charitable pledge because "[w]ho would ever want to make a charitable pledge to St. Joseph’s if one thought St. Joseph’s would chase you to the end of the world even after a change in circumstance makes fulfillment of the pledge unjust?"
St. Joseph’s promissory estoppel argument, which was rejected by both the bankruptcy court and district court, was premised upon section 90 of the Restatement (Second) of Contracts. That provision provides that if a party engages in certain conduct or forebears from doing something due to a promise made, then that party may be entitled to a remedy if that promise is later broken. Subsection 2 specifically applies this rule to charitable subscriptions. Notwithstanding that analysis, both the bankruptcy court and district court refused to apply the subsection because injustice to the pledgor is a prerequisite to its application, and both courts believed that enforcing the pledge would cause more harm to the creditors than to St. Joseph’s. The bankruptcy court and district court conducted their legal analysis under Arizona law. It is likely that a different court in a different state interpreting a different state’s laws could reach the opposite conclusion. Many state courts have found valid consideration for a debtor’s pledge made to a nonprofit organization.
Lessons of In re Bashas’ Inc.
Based upon the logic of the district court, an argument can be made that the harm to creditors of a bankrupt pledgor outweighs the harm to nonprofit organizations, because the former provide goods and services, while the latter do not. Arguably, this would create a per se rule against upholding enforcement of a pledge where the pledgor is a bankrupt entity. On the other hand, a scenario could exist where the nonprofit justifiably relied on the funds being donated. For example, in many jurisdictions healthcare facilities are nonprofits, which rely on donations for capital improvements and the like. If a healthcare facility were to purchase equipment necessary to run its day-to-day operations in reliance on a pledge, a court may find sufficient justifiable reliance so as to enforce the pledge. The bankruptcy case law is sparse on this issue; thus, it remains to be seen whether courts will follow In re Bashas’ Inc., or whether they will carve out exceptions. Nonetheless, in situations where consideration in exchange for the pledge exists, or where the nonprofit organization justifiably relies on the pledge and no harm exists to any other constituency, courts in other jurisdictions may reach a different conclusion than the one the courts did in In re Bashas’ Inc.
"Clawing Back" Pledges
Although the decision did not address this issue, there are instances where a "gift" by a bankrupt entity will be subject to "claw back" by a bankruptcy trustee or by the debtor after a bankruptcy case is filed because a gift can be deemed a constructively fraudulent transfer. Section 548 of the Bankruptcy Code allows a trustee or a debtor to "avoid" or "claw back" transfers that were made by a debtor within two years (or longer under state law) of the debtor’s bankruptcy if the recipient did not provide "reasonably equivalent value" to a debtor. However, Section 548 of the Bankruptcy Code also includes a provision that precludes the trustee from avoiding certain charitable contributions to qualified religious and charitable entities. Specifically, transfers of charitable contributions to a religious or charitable entity or organization cannot be "clawed back" so long as that contribution does not exceed 15 percent of debtor’s gross annual income for that year. If the contribution did exceed the 15 percent threshold, a trustee may not avoid the pledge if the transfer was consistent with the practices of the debtor in making charitable contributions. Of course, in the In re Bashas’ Inc. case, the payment of the pledge was never actually made by the debtor, thus the issue of whether there was a fraudulent transfer was not an issue.
The issues that arose in In re Bashas’ Inc., as well as the issues surrounding charitable contributions to qualified religious and charitable entities, vary from state to state. Advice from counsel could assist a pledgor or a nonprofit organization in avoiding any of the pitfalls mentioned above.
For more information, please contact Marc E. Hirschfield, firstname.lastname@example.org or 212.589.4610; Marc Skapof, email@example.com or 212.847.2864; George Klidonas, firstname.lastname@example.org or 212.589.4625 or any member of BakerHostetler’s Bankruptcy, Restructuring and Creditors’ Rights Team.
top of page
ALJ APPEALS FREQUENTLY FAVORABLE TO PROVIDERS; OIG CALLS FOR REFORMS
The OIG recently published a report reviewing the implementation of 2005 regulations regarding the administrative law judge (ALJ) level of appeals, the third level of the Medicare appeals system. The 2005 regulatory changes were intended to address prior concerns voiced by the OIG over the inconsistent application of standards at different levels of appeals and CMS’s limited ability to defend itself.
In the current review, the OIG found ALJs reversed in favor of appellants for 56 percent of appeals. In contrast, qualified independent contractors (QICs), the prior level of appeal, decided fully in favor of appellants in 20 percent of FY 2010 appeals. The OIG found that this difference was due to ALJs differing from QICs in their interpretation of Medicare policies, their degree of specialization and their use of clinical experts. Interviews with QICs and ALJ staff showed that ALJs tended to interpret Medicare policies less strictly than QICs. Additionally, QICs specialize in a Medicare program area (Part A, Part B, or DMEPOS); however ALJs typically decide appeals involving all Medicare program areas due to random assignment. QICs have medical directors and clinicians on staff to review decisions, but ALJs do not, and ALJ staff noted that ALJs have thus tended to rely on testimony and evidence from treating physicians.
The OIG also noted that some ALJs were much more likely than others to make decisions that were fully favorable to appellants. Among the 66 ALJs, the fully favorable rate varied from 18 to 85 percent. The OIG noted that a small number of "frequent filers" account for one-third of all appeals, and that these frequent filers received fully favorable decisions at different rates from different ALJs.
The OIG found that when CMS participates in appeals, ALJ decisions were found to be less favorable to appellants. Overall, CMS participated in 10 percent of the appeals that ALJs decided in FY 2010. When CMS participated, 44 percent of the ALJ decisions were fully favorable to appellants; when CMS did not participate, the fully favorable rate was 60 percent. CMS rarely chose to be a party, which would have allowed it to submit evidence, call or cross examine witnesses. Nearly all CMS staff reported plans to increase participation in ALJ appeals, especially by the contractors that originally denied the claim or recouped the claim payment.
The OIG report also notes concerns that the requirements regarding acceptance of new evidence are open to wide variation among ALJs. In addition, nearly all CMS and ALJ staff identified problems with the case files being organized and formatted differently at different levels of appeals. QIC case files are almost completely electronic whereas ALJs accept only paper case files. The OIG also found that ALJs are inconsistent in how they handle cases where they suspect Medicare fraud and that the agency does not have written policies that address this issue.
The OIG recommended a number of steps for improvement, all of which the Office of Medicare Hearings and Appeals (OMHA) and CMS concurred fully or in part. The OIG recommended that OMHA and CMS:
- Develop and provide coordinated training on Medicare policies to ALJs and QICs;
- Identify and clarify Medicare policies that are unclear and interpreted differently;
- Standardize case files and make them electronic;
- Revise regulations to provide more guidance to ALJs regarding the acceptance of new evidence;
- Improve the handling of appeals from appellants who also are under fraud investigation and seek statutory authority to postpone these appeals when necessary;
- Seek statutory authority to establish a filing fee, and consider options for making the fee effective and fair, such as scaling the fee to the dollar amount at issue;
- Implement a quality assurance process to review ALJ decisions, such as sampling and reviewing ALJ decisions and then providing additional training as necessary;
- Determine whether specialization among ALJs would improve consistency and efficiency;
- Develop policies to handle suspicions of fraud appropriately and consistently and train staff accordingly; and
- Continue to increase CMS participation in ALJ appeals.
Scott McBride has extensive experience with ALJ level appeals. For more information, please contact B. Scott McBride at email@example.com or 713.646.1390 or Ameena N. Ashfaq at firstname.lastname@example.org or 713.646.1329.
top of page
OCR RELEASES DE-IDENTIFICATION GUIDANCE
The HHS Office of Civil Rights (OCR) recently released guidance intended to assist covered entities in understanding what de-identification is, the general process by which de-identified information can be created, and the options available for carrying out de-identification under the HIPAA Privacy Rule. The long-awaited "Guidance Regarding Methods for De-Identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule" (Guidance) does not introduce any new rules or concepts related to de-identification of protected health information (PHI), but instead seeks to assist covered entities in understanding and properly applying the two methods of de-identification provided in the HIPAA Privacy Rule.
De-identification has become an increasingly important issue for covered entities due to the accelerated adoption of health information technologies, which allows for the combination, exchange and beneficial study of large and complex health information data sets. However, much of the individually identifiable health information required to build these data sets is considered PHI under the HIPAA Privacy Rule, which protects the security, privacy and confidentiality of an individual’s health information by permitting only certain uses and disclosure of that information.
HIPAA Privacy Rule De-Identification Standards
The HIPAA Privacy Rule provides two methods for complying with the de-identification standard:
- Expert Determination – A covered entity may determine that health information is de-identified if a person with appropriate knowledge of and experience with generally accepted scientific principles and methods for de-identifying information determines the risk that information could be used by an anticipated recipient, alone or in combination with reasonably available information, to identify the subject of the information is very small, and the methods and results of the analysis justifying that determination are documented.
- Safe Harbor – A covered entity may determine that health information has been de-identified when all "identifiers" of the individual or of relatives, employers, or household members of the individual are removed from the information and the covered entity has no actual knowledge that the information could be used alone or in combination with other information to identify the individual. The HIPAA Privacy Rule includes a list of 18 identifiers that must be removed in order to properly de-identify health information.
According to the Guidance, both de-identification methods, even if properly applied, retain some element of identification risk.
De-Identification Guidance Q & A
The Guidance contains a list of frequently asked questions and answers, examples of which are paraphrased below:
Expert Determination Method
- Who is an expert? There is no specific degree or certification requirement for an expert, and appropriate expertise can be gained through various combinations of education and experience in the statistical, mathematical or other scientific domains. In terms of enforcement, OCR will review the expert’s relevant professional experience and academic training as well as the expert’s actual experience with de-identification.
- How do experts assess the risk of identification of information? OCR does not require a single universal method of assessing the risk of identification for de-identified information so long as the documented analysis justifies the expert’s determination. However, stakeholders have indicated that the following steps should be followed: (1) the expert should consult with the covered entity to determine the appropriate statistical or scientific methods to use to mitigate the risk of identification; (2) the expert should apply those methods to PHI; (3) the expert should assess the remaining risk of identification; and (4) if the risk of identification is very small, the expert must document the methods and results to justify the determination.
Safe Harbor Method
- May parts or derivatives of the listed elements be disclosed consistent with the safe harbor method? No. For example, a data set containing patient initials or the last four digits of a social security number would not meet the requirements of the safe harbor method of de-identification.
- What is considered actual knowledge that the remaining information could be used to identify an individual who is a subject of the information? According to the Guidance, actual knowledge means "clear and direct" knowledge that the information could be used, either alone or in combination with other information, to identify the information’s subject, or awareness that the information has not actually been de-identified.
If you would like assistance in developing de-identification policies and procedures, please contact Lynn Sessions at email@example.com or 713.646.1352 or Cory J. Fox, firstname.lastname@example.org or 713.646.1358.
top of page
STATE FINES HOSPITAL FOR PATIENT CONFIDENTIALITY BREACH; REQUIRES HIPAA TRAINING FOR EXECUTIVES
A California hospital that disclosed a patient’s medical record in response to a California Watch investigative report on the alleged inappropriate billing practices of the hospital’s parent organization was recently cited by the California Department of Health (CADPH) for multiple breaches of state patient confidentiality law.
Although the California Watch report detailed the patient’s visit to the hospital’s emergency room, it did not identify the patient by name. However, in an attempt to "correct factual inaccuracies and false statements" contained within the investigative report, the hospital’s chief executive officer (CEO) and chief medical officer (CMO) disclosed the patient’s records to several newspapers. This prompted a claim, published in an article by the Los Angeles Times, that the hospital had violated privacy laws in an effort to discredit the report.
The hospital countered that the disclosure of the patient’s medical record was legal because the patient had "voluntarily disclosed her medical records" to the investigative reporter. The hospital further stated that the patient, by publicly engaging in the investigative story, waived her HIPAA rights, and in fact, "wanted her medical information to be disclosed and examined."
- After investigation by the CADPH, the hospital was cited with five violations of the California Health and Safety Code, including:
- Failure to inform the affected patient of the unlawful or unauthorized access, use or disclosure of a patient’s medical information;
- Failure to prevent unlawful or unauthorized access to, and use or disclosure of a patient’s medical information; and
- Failure to report to the CADPH an unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information.
The citations were upheld on appeal; the hospital was fined $95,000 for violations of California law and a corrective action plan submitted by the hospital was approved. The corrective action plan included:
- Education to the CMO, CEO and director of marketing regarding HIPAA laws; and
- Review by the CMO, CEO and director of marketing of the hospital’s policies and procedures pertaining to patient privacy, breach reporting and proper use of patient health information.
Under HIPAA and the California Confidentiality of Medical Information Act (CMIA), a patient’s medical information cannot be disclosed without the patient’s written authorization. HIPAA provides for civil penalties of up to $50,000 per violation. Deliberate breaches provide for criminal sanctions of up to $250,000 in fines and ten years in jail. California statute provides for an administrative penalty of up to $25,000 per patient whose medical information was disclosed and up to $17,500 per subsequent disclosure of that patient’s medical information.
Most HIPAA and state law cases pertain to the negligent handling of patient information (e.g., theft of laptop containing patient information or employees reading celebrity medical charts). The above incident is one of the few cases involving hospital executives deliberately disclosing medical information without authorization.
For more information or assistance with privacy issues, HIPAA and the CMIA, please contact Ted Kobus at email@example.com or 212.271.1504, Lynn Sessions at firstname.lastname@example.org or 713.646.1352, or Kimberly M. Wong at email@example.com or 212.271.2028.
top of page
HOLIDAY PUBLICATION NOTICE
The Health Law Update will not publish its regular bi-weekly issue on Thursday, December 20, due to the end of the year holidays. We will resume our normal publication schedule in January 2013. Happy Holidays!
top of page
Houston counsel Lynn Sessions will speak on "Developing a Smartphone Policy for Healthcare Providers" at an audio conference sponsored by Lorman Education Services.
Houston partner Donna S. Clark will speak on "Integrating Community Physicians into the Academic Medical Center" at the Legal Issues Affecting Academic Medical Centers and Other Teaching Institutions conference sponsored by the American Health Lawyers Association in Washington, D.C.
top of page
Baker & Hostetler LLP publications are intended to inform our clients and other friends of the Firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience. © 2012 Baker & Hostetler LLP