The terms of a settlement that resolved antitrust litigation between the State of California and Sutter Health, the largest health system in Northern California, have now become public, almost two months after the settlement put an end to the case. The settlement, which was inked only days before a trial in the case was set to begin, includes both the payment of a significant sum of money by Sutter Health and an agreement to accept structural reforms to its business. In addition, the settlement includes a first-of-its-kind agreement by Sutter Health to the appointment of a court-approved monitor who will oversee Sutter Health’s compliance with the settlement for a period of at least ten years. Continue Reading
Computer hacking, and the permutation of crimes that can be committed by hackers, generally does not spur images of infliction of physical harm. However, in a chilling turn of events, computer hackers have opened a new front in the damage that can be inflicted through cybercrime. In a nefarious series of developments, cyber-liabilities now arise from remote manipulation of the operation of implanted medical devices or from social media-based messaging that is calculated to cause physical harm to the curated audience. In short, promising technological advances have been leveraged by bad actors in a fashion not primarily intended to extract money, but rather intended to cause actual physical harm to individuals.
In an attack that appears motivated more in an attempt to inflict physical harm, as opposed to simply hacking for financial gain, the Epilepsy Foundation announced on December 16, 2019 that it had filed a formal criminal compliant after the organization’s Twitter feed was hacked. The Foundation reported that a series of attacks were ‘designed to trigger seizure(s)’. The hacking of the foundation’s Twitter account was used to post GIFs and videos that had seizure-inducing strobe and flashing lights. People with epilepsy are prone to having seizures being triggered through viewing of flickering images and strobe lights. Perhaps the most twisted aspect of this crime is that it happened during National Epilepsy Awareness Month, when the largest number of people with epilepsy are likely to view the foundation’s social media outlets. Continue Reading
In May of 2018, the European Union enacted the General Data Protection Rules, or GDPR, a legal framework that outlines not only how companies may collect and process personal information of EU residents, but how that data is stored and used. Since its enactment, GDPR has triggered a global push towards compliance with those standards. In the United States, there presently is no such national standard. However, California has enacted a law that has strong resemblances to GDPR, called the California Consumer Protection Act (CCPA), for which regulations go into effect in January 2020.
The concern, of course, is that instead of one federal standard, the CCPA could represent the beginning of a patchwork of state privacy laws that will make it more difficult for companies and consumers to understand their rights and to ensure compliance. The U.S. Senate’s Commerce Committee has been debating two proposed federal privacy statutes, one led by Senator Roger Wicker, R-Mississippi, who is the committee’s present chair, and the other proposal is being led by Senator Maria Cantwell, D-Wash., who is the committee’s ranking minority member. While there are significant differences in philosophy and breadth of the proposed legislations, all parties agree that federal privacy legislation is needed now.
While there is cause for optimism regarding the overall momentum, there are three main areas that keep the competing drafts of legislation from coming together to form a final bill, along with a myriad of smaller issues that have been debated as well. Those three areas are the idea of a private right of action, the possible preemption of state laws, and enforcement of the law. Continue Reading
The 2020 Legislative Session will begin its 60-day trek to completion on Tuesday, January 14, 2020. The following is a sample of bills that have been filed. We encourage you to review these bills, and contact us with specific questions about them. The listing of these bills should not be interpreted as any indication that they will pass into law. The likelihood of a bill’s passage is dependent upon any number of factors and is difficult to predict with certainty. Some 2020 healthcare related bills of interest include:
2020 Florida Legislative Session (Healthcare Bills) Continue Reading
The Florida Fifth District Court of Appeal harmonized the interpretation of state statutory and constitutional language in the first post Amendment 7 case dealing with access to adverse medical incident reports and their use at trial. The Florida statutory prohibition against the use and admissibility of certain incident reports was postulated to conflict with the state constitutional access to adverse medical incident reports. This statutory provision in Florida Statutes §395.1097 pre-existed the adoption of Amendment 7. The Clear text of Florida Statutes §395.0197 states, “the incident reports are part of the work papers of the attorney defending the licensed facility in litigation relating to the licensed facility and are subject to discovery, but are not admissible as evidence in court.” The trial court had ruled that the adverse medical incident reports were accessible, under Amendment 7, but were not admissible under the Florida Statutes. The jury found on behalf of the hospital that there was no negligence that was a legal cause of loss, injury or damage.
In considering the effects of constitutional amendments upon existing statutes, the Florida law is that the statute will continue in effect unless it is completely inconsistent with the plain terms of the state Constitution. The courts are duty bound to harmonize and reconcile the new constitutional provision with the existing law. Continue Reading
The Federal Trade Commission has issued orders to five health insurers and two health systems requiring them to provide information that will assist the FTC in studying the competitive effects of certificates of public advantage (COPAs) with respect to prices, quality, access and innovation in healthcare. The orders were sent on October 21 to Aetna, Anthem, Blue Cross Blue Shield of Tennessee, Cigna, United Healthcare, Ballad Health and Cabell Huntington Hospital.
COPAs are state laws that allow healthcare providers to enter into cooperative arrangements that might otherwise raise competitive concerns, in circumstances where state regulators have determined that the likely benefits of the arrangement outweigh any potential competitive harm. When subject to a COPA, merging healthcare providers are exempt from federal antitrust scrutiny (typically by the FTC) pursuant to the “state action” doctrine. Continue Reading
To bill or not to bill, that is the question. Or, more appropriately, who to bill and when to bill, that is the question. Providers who bill patients under the circumstances described below may face liability. What is a provider to do?
A patient was injured in the course of her employment in December 2013 and applied for workers’ compensation benefits. As part of her treatment for her injury under workers compensation, she had a preoperative chest x-ray taken in October of 2014, and a clinical laboratory provided medical testing. She received bills for these services from the providers. The patient alleged that the providers knew she was a workers’ compensation patient and thus not responsible for paying the medical bills. Despite this knowledge, the providers continued to send bills demanding payment over a period of many months. In June of 2015, the patient received a bill from a collection agency on behalf of one of the providers. In response, the patient’s workers’ compensation carrier contacted the provider to inform it that the patient was not responsible for payment and warned that billing the patient was a violation of the Workers’ Compensation Law (WCL). Despite this warning, the provider sent yet another bill to the patient in July of 2015. The second provider, a clinical laboratory company, billed the patient twice for what the patient alleged was an illegitimate debt. Continue Reading
We are all too aware of the horrors of the Parkland shooting. In response to that awful day, the Florida Legislature enacted Florida Statute Section 790.401 in 2018, “the Marjory Stoneman Douglas High School Safety Act.” Part of this new law is the “red flag” provision which allows courts to proactively remove firearms from individuals who pose a significant danger to themselves or others upon proper petitions by law enforcement agencies. (Called Risk Protection Orders (RPO’s)). The law is being frequently used in Florida. At the Florida Bar’s September 13, 2019 Masters Class presentation on “Legal Issues with Mental Health and Substance Abuse,” it was mentioned that the RPO’s had been “used about 2,500 times in the State of Florida in the past year and a half. That’s about five times a day.” Undoubtedly, what are “red flags” to some will not be to others. The application of the law in the present case, though, aids in clarifying the concept of “Red Flags.” Continue Reading
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online reviews by patients. While it is tempting to respond to a bad and perhaps untrue online review, healthcare providers need to take care to not disclose patient protected health information (PHI) when defending their reputation.
A Texas dental practice agreed to pay $10,000 and enter a two-year corrective action plan to settle potential violations of the HIPAA Privacy Rule arising from allegations that the practice responded to a patient’s online Yelp review by disclosing the patient’s last name and details of the patient’s health condition. The practice did not have authorization from the patient to disclose his/her protected health information in the online forum. As a result of its investigation, OCR learned that the practice had disclosed the PHI of multiple patients in the course of responding to comments on the practice’s Yelp review page. In announcing the settlement, OCR Director Roger Severino said, “Doctors and dentists must think carefully about patient privacy before responding to online reviews.” Continue Reading
Last Thursday, September 5, 2019, Judge James Moody, Jr. of the United States District Court for the Middle District of Florida issued a positive ruling for hospitals dealing with patient safety organization (PSO) data. The opinion can be reviewed here. Note, while this decision is not binding on state courts, it is persuasive authority. It may be used to argue against the production of adverse incident materials.
Federal Judge Moody commented regarding some specific issues:
Subject Matter Jurisdiction
The Plaintiff, Tampa General Hospital (TGH), was facing daily monetary sanctions pursuant to federal law in a state court action if it knowingly disclosed patient safety data. The federal statutory penalty is expressed in mandatory terms in both the Patient Safety Act and the Administrative Rules. Since the U.S. Department of Health and Human Services (HHS) had refused to assure TGH it would not be penalized if TGH produced the Patient Safety Work Product (PSWP), the court had to act.
Both TGH and HHS agreed that the Patient Safety Act expressly preempts Florida Amendment 7. Judge Moody states that the language in the Patient Safety Act clearly is an express preemption clause. The key point, in this particular case, is that the documents that TGH maintained, were made for and submitted to, a PSO. They were therefore not subject to forced disclosure in the state court medical malpractice action.
The federal court addressed the Florida Supreme Court’s opinion in Charles v. S. Baptist Hosp. of Fla., Inc., 209 So. 3d 1199 (Fla. 2017). The distinct difference is that the documents in Charles had not been submitted to a PSO. Preemption therefore was not directly at issue. Continue Reading