FTC Commissioners Call for Study on the Competitive Effects of Consummated Healthcare Transactions that Did Not Previously Receive Regulatory Review

The Federal Trade Commission announced on February 11, 2020 that it had issued Special Orders to five large technology companies, requiring them to provide information to the FTC concerning all corporate acquisitions they have completed over the last ten years that had not previously been required to be submitted for review by the FTC under the Hart-Scott-Rodino Act (HSR). The request is intended to focus, for the most part, on transactions where the companies avoided regulatory review because the size of the transactions were below the HSR reporting thresholds. As described in the announcement, the FTC intends to assess “whether the federal agencies are getting adequate notice of transactions that might harm competition” but are currently unreported, and, accordingly, to consider “whether additional transactions should be subject to premerger notification requirements.” A link to the announcement can be found here.

Notably, particularly for those in the healthcare industry, two FTC Commissioners – Commissioner Christine Wilson and Commissioner Rohit Chopra – issued a separate Statement accompanying the announcement stating that, in their view, a similar study should be launched concerning healthcare transactions. Specifically, they stated that “Given the FTC’s significant expertise in the healthcare industry, and the vital importance of quality healthcare services at competitive prices to every American consumer, we encourage the Commission to analyze sub-HSR deals in [healthcare] next.” Continue Reading

OCR Fee Limits for Third Party Directive Record Requests Struck Down

By Amy Jeon McCullough on February 4, 2020 Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security

On January 28, 2020, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) issued a notice (the OCR Notice) regarding individuals’ right of access to health records in response to a January 23, 2020 court ruling in the Ciox Health, LLC v. Azar, et al., No. 18-cv-0040 (D.D.C. Jan. 23, 2020) case. OCR noted that despite the modifications contained in the 2013 Omnibus Rule issued on January 25, 2013, the fee limitation set forth in the HIPAA Privacy Rule (i.e., reasonable, cost-based fee)(the Patient Rate) only applies when an individual requests access to his/her own records and does not apply when the individual directs his/her records to be sent to a third party.

In the Ciox Health case, Ciox Health, a medical record retrieval company challenged: (1) the 2013 Omnibus Rule requiring the production of “protected health information” (PHI) contained in formats other than in an electronic health record (EHR) and in any format requested by the requester; and (2) OCR’s 2016 guidance entitled “Individuals’ Right Under HIPAA to Access Their Health Information 45 C.F.R. § 164.521” (the 2016 Guidance) issued expanding the Patient Rate to when an individual directs his/her records to be sent to a third party such as a law firm or insurance company (Third-Party Directive(s)), the three specified methods by which to calculate the disclosure fees, and the exclusion of the cost to search and retrieve the requested records. Ciox asserted that OCR’s actions were beyond its legal power and authority and created legislative rules without public notice and comment as required under law. Continue Reading

Sutter Health Settles California Attorney General Antitrust Case With Cash and an Agreement to Make Significant Changes to its Operations

By James M. Burns on January 6, 2020 Posted in Antitrust, Healthcare Law, Healthcare Litigation, Hospitals & Health Systems

The terms of a settlement that resolved antitrust litigation between the State of California and Sutter Health, the largest health system in Northern California, have now become public, almost two months after the settlement put an end to the case. The settlement, which was inked only days before a trial in the case was set to begin, includes both the payment of a significant sum of money by Sutter Health and an agreement to accept structural reforms to its business. In addition, the settlement includes a first-of-its-kind agreement by Sutter Health to the appointment of a court-approved monitor who will oversee Sutter Health’s compliance with the settlement for a period of at least ten years. Continue Reading

Hackers Raise the Stakes By Possibly Causing Physical Harm

By Robert E. Slavkin and Beth Alcalde on December 19, 2019 Posted in Healthcare Law, HIPAA, Privacy, and Data Security, Technology

Computer hacking, and the permutation of crimes that can be committed by hackers, generally does not spur images of infliction of physical harm. However, in a chilling turn of events, computer hackers have opened a new front in the damage that can be inflicted through cybercrime. In a nefarious series of developments, cyber-liabilities now arise from remote manipulation of the operation of implanted medical devices or from social media-based messaging that is calculated to cause physical harm to the curated audience. In short, promising technological advances have been leveraged by bad actors in a fashion not primarily intended to extract money, but rather intended to cause actual physical harm to individuals.

In an attack that appears motivated more in an attempt to inflict physical harm, as opposed to simply hacking for financial gain, the Epilepsy Foundation announced on December 16, 2019 that it had filed a formal criminal compliant after the organization’s Twitter feed was hacked. The Foundation reported that a series of attacks were ‘designed to trigger seizure(s)’. The hacking of the foundation’s Twitter account was used to post GIFs and videos that had seizure-inducing strobe and flashing lights. People with epilepsy are prone to having seizures being triggered through viewing of flickering images and strobe lights. Perhaps the most twisted aspect of this crime is that it happened during National Epilepsy Awareness Month, when the largest number of people with epilepsy are likely to view the foundation’s social media outlets. Continue Reading

Is A Federal Privacy Law In The Cards for 2020?

By Robert E. Slavkin on December 12, 2019 Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security, Technology

In May of 2018, the European Union enacted the General Data Protection Rules, or GDPR, a legal framework that outlines not only how companies may collect and process personal information of EU residents, but how that data is stored and used. Since its enactment, GDPR has triggered a global push towards compliance with those standards. In the United States, there presently is no such national standard. However, California has enacted a law that has strong resemblances to GDPR, called the California Consumer Protection Act (CCPA), for which regulations go into effect in January 2020.

The concern, of course, is that instead of one federal standard, the CCPA could represent the beginning of a patchwork of state privacy laws that will make it more difficult for companies and consumers to understand their rights and to ensure compliance. The U.S. Senate’s Commerce Committee has been debating two proposed federal privacy statutes, one led by Senator Roger Wicker, R-Mississippi, who is the committee’s present chair, and the other proposal is being led by Senator Maria Cantwell, D-Wash., who is the committee’s ranking minority member. While there are significant differences in philosophy and breadth of the proposed legislations, all parties agree that federal privacy legislation is needed now.

While there is cause for optimism regarding the overall momentum, there are three main areas that keep the competing drafts of legislation from coming together to form a final bill, along with a myriad of smaller issues that have been debated as well. Those three areas are the idea of a private right of action, the possible preemption of state laws, and enforcement of the law. Continue Reading

2020 Legislative Session –A Sampling of Health Related Bills Filed

By Steven Grigas on December 9, 2019 Posted in Affordable Care Act and Other Healthcare Reform Legislation, Government Affairs, Licensure & Regulatory, Health Insurers & Managed Care Organizations, Medicare & Medicaid

The 2020 Legislative Session will begin its 60-day trek to completion on Tuesday, January 14, 2020. The following is a sample of bills that have been filed. We encourage you to review these bills, and contact us with specific questions about them. The listing of these bills should not be interpreted as any indication that they will pass into law. The likelihood of a bill’s passage is dependent upon any number of factors and is difficult to predict with certainty. Some 2020 healthcare related bills of interest include:

2020 Florida Legislative Session (Healthcare Bills) Continue Reading

You Can’t Always Get What You Want

By Kirk S. Davis on November 19, 2019 Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems

The Florida Fifth District Court of Appeal harmonized the interpretation of state statutory and constitutional language in the first post Amendment 7 case dealing with access to adverse medical incident reports and their use at trial. The Florida statutory prohibition against the use and admissibility of certain incident reports was postulated to conflict with the state constitutional access to adverse medical incident reports. This statutory provision in Florida Statutes §395.1097 pre-existed the adoption of Amendment 7. The Clear text of Florida Statutes §395.0197 states, “the incident reports are part of the work papers of the attorney defending the licensed facility in litigation relating to the licensed facility and are subject to discovery, but are not admissible as evidence in court.” The trial court had ruled that the adverse medical incident reports were accessible, under Amendment 7, but were not admissible under the Florida Statutes. The jury found on behalf of the hospital that there was no negligence that was a legal cause of loss, injury or damage.

In considering the effects of constitutional amendments upon existing statutes, the Florida law is that the statute will continue in effect unless it is completely inconsistent with the plain terms of the state Constitution. The courts are duty bound to harmonize and reconcile the new constitutional provision with the existing law. Continue Reading

FTC Investigating the Competitive Effects of Certificates of Public Advantage

By James M. Burns on October 28, 2019 Posted in Government Affairs, Licensure & Regulatory, Healthcare Law, Healthcare M&A, Joint Ventures, Transactions & Health Ventures

The Federal Trade Commission has issued orders to five health insurers and two health systems requiring them to provide information that will assist the FTC in studying the competitive effects of certificates of public advantage (COPAs) with respect to prices, quality, access and innovation in healthcare. The orders were sent on October 21 to Aetna, Anthem, Blue Cross Blue Shield of Tennessee, Cigna, United Healthcare, Ballad Health and Cabell Huntington Hospital.

COPAs are state laws that allow healthcare providers to enter into cooperative arrangements that might otherwise raise competitive concerns, in circumstances where state regulators have determined that the likely benefits of the arrangement outweigh any potential competitive harm. When subject to a COPA, merging healthcare providers are exempt from federal antitrust scrutiny (typically by the FTC) pursuant to the “state action” doctrine. Continue Reading

Direct Patient Billing Can Create Provider Liability in Florida

By William J. Spratt, Jr. on October 21, 2019 Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, Physicians

To bill or not to bill, that is the question. Or, more appropriately, who to bill and when to bill, that is the question. Providers who bill patients under the circumstances described below may face liability. What is a provider to do?

A patient was injured in the course of her employment in December 2013 and applied for workers’ compensation benefits. As part of her treatment for her injury under workers compensation, she had a preoperative chest x-ray taken in October of 2014, and a clinical laboratory provided medical testing. She received bills for these services from the providers. The patient alleged that the providers knew she was a workers’ compensation patient and thus not responsible for paying the medical bills. Despite this knowledge, the providers continued to send bills demanding payment over a period of many months. In June of 2015, the patient received a bill from a collection agency on behalf of one of the providers. In response, the patient’s workers’ compensation carrier contacted the provider to inform it that the patient was not responsible for payment and warned that billing the patient was a violation of the Workers’ Compensation Law (WCL). Despite this warning, the provider sent yet another bill to the patient in July of 2015. The second provider, a clinical laboratory company, billed the patient twice for what the patient alleged was an illegitimate debt. Continue Reading

Addressing Acute Mental Health Concerns: Parkland’s Legacy – Florida’s Red Flag Law

By Kirk S. Davis on October 10, 2019 Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems

We are all too aware of the horrors of the Parkland shooting. In response to that awful day, the Florida Legislature enacted Florida Statute Section 790.401 in 2018, “the Marjory Stoneman Douglas High School Safety Act.” Part of this new law is the “red flag” provision which allows courts to proactively remove firearms from individuals who pose a significant danger to themselves or others upon proper petitions by law enforcement agencies. (Called Risk Protection Orders (RPO’s)). The law is being frequently used in Florida. At the Florida Bar’s September 13, 2019 Masters Class presentation on “Legal Issues with Mental Health and Substance Abuse,” it was mentioned that the RPO’s had been “used about 2,500 times in the State of Florida in the past year and a half. That’s about five times a day.” Undoubtedly, what are “red flags” to some will not be to others. The application of the law in the present case, though, aids in clarifying the concept of “Red Flags.” Continue Reading