Dear Health Law Section Members:
The Health Law Section (“HLS”) website has been updated with October through November 2018 articles on significant developments in the health law arena that may be of interest to you in your practice. These summaries are presented to HLS members for general information only and do not constitute legal advice from The Florida Bar or its Health Law Section. HLS thanks the following volunteers who have generously donated their time to prepare these summaries for our members:
Jocelyn E. Ezratty, Esq., Brach Eichler, LLC
Angelina Gonzalez, Esq., Panza, Maurer & Maynard, P.A.
Kelli Keeler, Esq., Staff Counsel, Availity, LLC
Erica C. Mallon, Esq., Greenway Health
Kathleen Premo, Esq., Elizabeth Scarola, Esq., & Matthew Sprankle, Esq.,
Epstein Becker Green, PC
Anushree (“Anu”) Sagi-Nakkana, Esq., ASN Law Firm
Jamie Gelfman, Esq., Nelson Mullins Broad and Cassel, HLS Editor in Chief
Ashley Brevda, Esq., Corporate Counsel/Chief Compliance Officer, Oncology Analytics, Inc., HLS Team Editor
Trish Huie, Esq., Patricia A. Huie, PLLC, HLS Team Editor
Download the Word DOCX or PDF versions of the Updates using the links below:
October November 2018 HLS Updates (DOCX)
October November 2018 HLS Updates (PDF)
Claims of Kickbacks Based on Physician Salaries Signals a Need for Increased Compliance Efforts
Compliance with health care laws and regulations not only affords protection against potential state and federal criminal and civil prosecution, but is also essential for protection against litigation from private individuals and entities.
Lee Heath, a public health system that operates six hospitals in Florida, is facing allegations of kickbacks from its former head internal auditor, who brought a lawsuit against the health system alleging that it inappropriately compensated physicians with inflated salaries. Salaries are generally believed to be a more protective form of compensation from a compliance standpoint because they are paid to employees of the given company and they are an earned form of payment. Further, the federal anti-kickback laws contain an exception for remuneration paid to bona fide employees. However, the former auditor of Lee Health purports that the salaries paid by Lee Health should not be afforded such protection.
Although the case was filed in 2017, the clerk recently unsealed the case, making it public in September 2018. Since then, Lee Health’s attempts to re-seal exhibits revealing physician compensation have been denied.
The claims about the alleged salaries describe an environment where certain physicians who had a sizable impact on business generation were paid significantly more than other physicians. The lawsuit alleges that from 2005 through 2014, these physicians were financially incentivized to generate business through referrals by receiving compensation well above fair market value for their professional medical services. The suit also describe practices whereby services performed by nurses and other non-physician providers were billed as though they were performed by the physicians themselves to generate higher reimbursement rates.
It’s worth noting that this lawsuit comes after Lee Memorial Hospital, one of Lee Health’s hospitals, settled a False Claims Act case for about $160,000 with the Department of Justice in 2012 relating to allegations of over-charging Medicare from 2000 to 2008.
This lawsuit is a reminder that caution must be paid not only to the structure of an arrangement, but also to the execution of an arrangement involving compensating providers and billing for health care services. Although the anti-kickback safe harbors and exceptions illustrate situations where risk of health care fraud and abuse may be mitigated, it does not guarantee protection from potential enforcement actions.
Physician compensation should be consistent with fair market value, commercially reasonable, and compensation should not be based on the business generated by the provider for additional protection from risk of litigation or government enforcement actions. The Stark law defines “fair market value” for us at 42 C.F.R. 411.351 as:
[T]he value in arm's-length transactions, consistent with the general market value. “General market value” means the price that an asset would bring as the result of bona fide bargaining between well-informed buyers and sellers who are not otherwise in a position to generate business for the other party, or the compensation that would be included in a service agreement as the result of bona fide bargaining between well-informed parties to the agreement who are not otherwise in a position to generate business for the other party, on the date of acquisition of the asset or at the time of the service agreement. Usually, the fair market price is the price at which bona fide sales have been consummated for assets of like type, quality, and quantity in a particular market at the time of acquisition, or the compensation that has been included in bona fide service agreements with comparable terms at the time of the agreement, where the price or compensation has not been determined in any manner that takes into account the volume or value of anticipated or actual referrals.
When determining appropriate compensation for physicians or other professionals, providers should take comparable compensation for similar services into consideration at the time of preparation of the employment agreement, and the compensation should not differ based upon the physicians’ potential or actual business generated for the provider, as reflected in the definition of “fair market value.” Finally, all compliance efforts should be documented and readily available in case questions arise in the future.
Submitted by: Jocelyn E. Ezratty, Esq., Brach Eichler, LLC
Audited Financials No Longer Needed in General Hospital
Certificate of Need Applications
On May 8, 2018, Administrative Law Judge (“ALJ”) David Watkins issued a final order in Venice HMA Hospital, LLC d/b/a Venice Regional Bayfront Health v. Agency for Health Care Administration, invalidating Rule 59C-1.008(4), Florida Administrative Code, to the extent that the Rule required Certificate of Need (“CON”) applicants for general hospitals to submit audited financial statements with their CON applications. ALJ Watkins concluded that Rule 59C-1.008(4), Florida Administrative Code, was an invalid exercise of delegated authority, as applied to CON applicants for general hospitals because:
General hospitals are not required to submit proof of financial ability to operate at the time of the submission of the CON application. In accordance with rule 59C-1.010(2)(d), general hospitals are required to comply with the requirements of sections 408.035(2) and 408.037(2). Neither of those statutes requires that a general hospital applicant submit proof of financial ability to operate until 120 days after the issuance of the final CON to the applicant.
This holding is particularly important because the controversy arose from an administrative proceeding where a general hospital application was being reviewed. The CON applicant, Venice Regional Medical Center, argued that it was irrelevant that it had failed to include audited financial statements with its CON application, since financial feasibility was no longer an applicable criterion. The applicant further argued that regardless of its failure to include the audited financial statements, its CON application should be deemed complete. As noted above, ALJ Watkins agreed with the applicant’s reasoning on this point. The holding in Venice HMA Hospital underscores that a CON applicant for a general hospital is no longer required to support or defend its project’s short-term or long-term financial viability during the application review process.
Submitted by: Angelina Gonzalez, Esq., Associate, Panza, Maurer & Maynard, P.A.
CMS Final Rule Expands Medicare’s Reimbursement for Physician Services
Furnished Using Communication Technology
On November 1, 2018, the Centers for Medicare and Medicaid Services (“CMS”) finalized proposals to separately pay for a newly defined physician’s service furnished using communication technology: the “virtual check-in” (the “Final Rule”). The Final Rule permits physicians and certain qualified practitioners (defined below) to be reimbursed for providing communication technology-based services to established patients beginning on January 1, 2019. The Final Rule promotes Medicare beneficiaries’ access to these telehealth services by removing certain restrictions traditionally placed on delivery of telehealth services and creating various payment codes for telehealth and telehealth-like services.
- CMS Pays for the Newly Defined “Virtual Check-In”
Beginning January 1, 2019, reimbursement will be available to physicians or those who can report evaluation and management (“E/M”) services in accordance with applicable state law and CMS billing and coding standards (“qualified practitioners”) for a brief, non-face-to-face check-in with established patients to assess whether the established patient’s condition requires an office visit. The brief communication technology-based service is billable under HCPCS code G2012. The established patient must not have had a related E/M service provided within the previous seven days, and the payable services must also not lead to an E/M service or procedure within the next 24 hours. If the review of the patient-submitted image/video leads to an E/M service within the next 24 hours, then the event is considered bundled into the pre- or post- visit time of the associated E/M service, and will not be separately billable.
Notably, CMS will allow both audio-only real-time telephone interactions in addition to synchronous, two-way audio interactions that are enhanced with video or other kids of data transmission. So long as the brief communication service meets the aforementioned requirements, there is no frequency limitation as to the number of such services providers may submit in Fiscal Year 2019.
Despite the request from commenters, CMS declined to expand services beyond the scope of qualified billing professionals to established patients. For example, CMS responded to a request from a commenter requesting that telemedicine services provided by physical therapists be payable. CMS noted in a response that the Agency agrees that similar check-ins provided by clinical staff can be “important aspects of coordinated care,” but noted that such clinical staff services are included in the RVUs for other codes, including those that describe E/M visits, part of several care management services, and procedures with global periods.
- CMS Expands Access to Telehealth Services for Medicare Beneficiaries
The Final Rule is a departure from Medicare’s typical restrictions on telehealth services, including (1) restrictions on applicable “originating sites” (i.e., where the patient is located) and (2) limits on appropriate telehealth “modalities” (means of delivering the telehealth service).
- Removing Originating Site Restrictions for Services Delivered Via Telehealth
Effective January 1, 2019, CMS plans to add the following locations to its list of originating sites: Medicare beneficiary homes for those receiving home dialysis for end-stage renal disease (“ESRD”), renal dialysis facilities, and mobile stroke units (ambulances equipped to handle acute stroke). This change allows health care providers to implement telehealth services in locations that had not been previously covered under Medicare, giving providers the opportunity to both provide care to a wider range of patients and provide patients with greater access to the treatment they need.
Similarly, under this Final Rule, health care providers may deliver (and be reimbursed for) services delivered via telehealth to patients with substance use disorders for treating substance use and co-occurring mental health disorders beginning on January 1, 2019.
These changes are significant for many stakeholders. Health care providers will soon be paid for delivering a service via telehealth to patients in their home regardless of where that patient’s home is located. Providers will receive this reimbursement at the same rate as if the service were to be furnished in person. Medicare beneficiaries also benefit in that those with substance use disorders may now access care simply by setting up a telehealth appointment delivered to their home.
- Providing Reimbursement for Various Additional Telehealth Services
Telehealth has traditionally been described as having three “modalities” by which the telehealth service is delivered to patients: via (a) two-way, interactive audio-video (“synchronous” telehealth); (b) store-and-forward technology; and (c) remote patient monitoring (“RPM”). Medicare previously has reimbursed solely for telehealth services transmitted using an “interactive 2-way telecommunications system (with real-time audio and video).” The Final Rule provides for expanded access to all three modalities.
In addition to providing reimbursement for synchronous “virtual check-ins,” CMS announced that it is finalizing the addition of prolonged preventive services (HCPCS code G0513 and G0514) to Medicare’s reimbursement for telehealth services list. Met with unanimous support from commenters, these codes signify time spent by health care providers “beyond the typical service time of the primary procedure.” These wellness visits must be furnished via telehealth “in the office or other outpatient setting requiring direct patient contact beyond the usual service.” G0513 establishes payment for the first 30 minutes of this preventative care service, while G0514 pays for each additional 30 minutes.
The Final Rule also establishes payment for the “Remote Evaluation of Pre-Recorded Patient Information,” a “store-and-forward”-like service that CMS states is not subject to traditional Medicare telehealth service restrictions because this evaluation is not a substitute for an in-person service currently separately payable under the Physician Fee Schedule. This service intends to determine whether follow up office visits or other services would be necessary. Although CMS considered implementing this code both for new and established patients, the Final Rule only permits payment for HCPCS code G2010 for established patients (those who have had a prior in person or telerehab past visit with the qualified provider). Health care providers must also ensure that they provide a timely diagnosis within 24 business hours in order to be eligible for payment under this code. Providers will be happy to know that a diagnosis can be delivered by e-mail, phone call, virtual visit, text message, or through the patient portal. However, like the virtual check-ins, in order for these services to be payable, they must be stand-alone services separately billed to the extent that there is no resulting E/M office visit and there is no related E/M office visit within the previous seven days of the remote service being furnished.
Further recognizing the importance of touch points for patients with chronic conditions, the Final Rule creates three CPT codes for remote patient monitoring telehealth-like services, entitled “Chronic Care Remote Physiologic Monitoring” (CPT Codes 99453, 99454, and 99457). Since these services are “inherently non-face-to-face” (and thus, they do not have an in-person counterpart), CMS determined that RPM services are not considered a Medicare telehealth service and therefore are not restricted under Medicare’s narrow coverage of telehealth services. CMS did not offer any guidance as to what specific technology qualifies under these codes; however, it does plan to issue guidance in the future “to help inform practitioners and stakeholders on these issues.” Notably, CPT code 99457 permits remote patient monitoring services to be delivered by physicians, qualified healthcare professionals, or clinical staff, including registered nurses and medical assistants (depending on state licensing scope).
- The Final Rule’s Impact on Providers
The Final Rule demonstrates CMS’ commitment to enhancing patient access, including the use of technology-based platforms. The use of communication technology-based services will provide new options for physicians to treat patients. These services could help to avoid unnecessary office visits, could consist of services that are already occurring but are not being separately paid, or could constitute new services. The move is anticipated to reduce the costs of healthcare and benefit vulnerable patient populations.
CMS noted that providers generally support expansions to Medicare telehealth. Several commenters requested the addition of services to the list of Medicare telehealth services in specialized areas, including physical therapy telerehab services. CMS continues to evaluate the cost effectiveness of expansion of such services and will add services to the list of Medicare Telehealth services as described in the CY 2003 PFS final rule (67 FR 799888).
Submitted by: Kathleen Premo, Esq., Elizabeth Scarola, Esq., and Matthew Sprankle, Esq., Epstein Becker Green, PC
PRIVACY & SECURITY UPDATES
Rethinking HIPAA with Regards to Smart Watches and Wearables
The newest updates to the Apple Watch Series 4 create more questions surrounding the applicability of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to smart watches and other wearable devices. The Apple Watch Series 4 launched on September 12, 2018 and now features electrocardiogram (“ECG”) capability. Users can run their own ECG and see real-time results on their devices, and includes the ability to forward those results on to their doctors for diagnostic purposes. The Series 4 device also includes upgrades to the heart rate monitor to give it the capability to detect irregular heartbeats such as atrial fibrillation (“AFib”).
There is a growing trend among consumers to want to be more hands-on with their health data, so current and potential users of the Apple Watch are unsurprisingly excited about the new features. However, these new features raise questions among health care lawyers, as well as the application (or “app”) developers, as to whether these devices and the user data contained on the devices should be regulated by HIPAA. HIPAA is designed to regulate and secure protected health information (“PHI”). HIPAA protection currently applies to “covered entities,” defined as health plans, health care clearinghouses, and most health care providers, as well as their business associates. HIPAA does not regulate data that is produced by and under the control of the consumer. This distinction further blurs the line of HIPAA applicability for smart watches and wearables when app developers are included.
When the smart watch data is created by and in the possession of the consumer, HIPAA protection is not applicable to that data. However, once an Apple Watch user sends the data, such as ECG results, AFib notifications, heart rate monitoring data, or other personal health data to their doctor, the data becomes PHI subject to HIPAA. As health data becomes more important to everyday consumers and technology continues to evolve with the health care industry, more health plans and providers are utilizing apps to help better serve their members. For example, the Mayo Clinic has a “Mayo Clinic App” that allows members to sync their Apple Health app with the Mayo Clinic app and access the Mayo Clinic app on their Apple Watches. App developers have to keep HIPAA regulations in mind depending on for whom they are developing their apps. Developers who are “creating, receiving, maintaining, or transmitting PHI on behalf of a covered entity or another business associate” are regulated by HIPAA. If a health plan or health provider asks a developer to create an app whereby users can upload their Apple Watch data and send it directly to their doctors, the app would need to be HIPAA compliant. However, if the users are uploading their personal data and they are the only ones who can access the data, HIPAA is not applicable.
Most consumers probably do not think about HIPAA implications on a day-to-day basis, if at all. In addition to the security and privacy concerns related to having more devices on a network, many consumers are likely not considering the risk of whether their data is protected by HIPAA when they log it into an app or use their wearable devices. In looking toward the future, it may mean changes to HIPAA to further include the new smart watch and wearables market within the reach of HIPAA so that consumers are better protected with the advancements of portable health technology.
Submitted by: Kelli Keeler, Esq., Staff Counsel, Availity, LLC
Making Strides in EHR Interoperability
CommonWell Health Alliance (“CommonWell”), a not-for-profit trade association dedicated to achieving cross-vendor electronic health record (“EHR”) interoperability, announced in November that a connection to the Carequality framework, a provider network of more than half of all providers nationwide, is now generally available to all CommonWell members. This initiative is part of an effort to improve EHR interoperability nationwide to allow providers to access health data regardless of where care was rendered and what vendor the provider uses for its EHR solution. CommonWell works with healthcare providers and EHR vendor members to implement a vendor-neutral platform that breaks down the technological and process barriers that currently inhibit effective health data exchange. Carequality is designed to allow providers, hospitals, and health systems using CommonWell member companies’ EHR solutions to exchange patient data across EHR platforms.
Change Healthcare built the infrastructure for the Carequality platform, and EHR vendors Cerner and Greenway Health used it to roll out a connectivity pilot this past summer. Through Carequality, Cerner and Greenway Health customers have been exchanging data with other Carequality-enabled providers. Since the summer, Carequality-enabled providers across the country have exchanged more than 200,000 documents.
This improved interoperability has significant benefits to participating providers, hospitals, and patients. Through this connection, physician practices can directly access patient records from tertiary care centers. If a patient is hospitalized or sees another provider, the patient’s information can be shared seamlessly even if the providers or facilities are on different EHR platforms. Improved interoperability increases efficiency in healthcare practices and improves quality of care and patient experience. Patients with chronic illnesses or conditions have an increased likelihood of seeing multiple providers on an ongoing basis, and their outcomes can be improved tremendously by sharing of health data and follow-up. Continuity of care is paramount in ensuring patient compliance with physician recommendations, and the ability for physicians to access patient data greatly assists in promoting continuity of care.
Submitted by: Erica Mallon, Esq., Corporate Counsel, Greenway Health
A Recap of 2018 Transactions
The latter half of 2018 was bustling with large scale mergers, acquisitions and partnerships in Florida. Here are a few highlights.
Orlando Health – South Lake Hospital (Orlando, Florida): On December 3, 2018, Orlando Health announced that it is taking full control of South Lake Hospital (170 beds) in Clermont (Orlando, Florida) after over 20+ years of a joint partnership. As part of the deal, Orlando Health will: (1) invest $128M in a new foundation that will enrich healthcare service offerings in the region service offering; and (2) commit to $99M for capital improvements in Southern Lake County.
Cleveland Clinic – Martin Memorial System – Indian River Medial Center (Treasure Coast): Cleveland Clinic signed formal agreements in early October to take over Martin Health System (Stuart, Florida) and Indian River Medical Center (Vero Beach, Florida). The transaction still needs regulatory approval, but the acquisition is significant and a strong move for market share in South Florida. If both acquisitions are approved, Cleveland Clinic Florida will restructure leadership. Cleveland Clinic’s new Florida region will include both the new hospital members plus Cleveland Clinical Florida Medical Center in Weston, Coral Springs Family Health Center and facilities in Palm Beach Gardens, Parkland, West Palm Beach, and Wellington.
HCA Merges 2 Tampa Hospitals (Tampa): HCA Healthcare merged Tampa Community Hospital (201 beds) with Memorial Hospital of Tampa (183 beds). Tampa Community Hospital will now be a campus of Memorial Hospital of Tampa and the following services will be offered at Tampa Community Hospital: full service emergency room, inpatient acute medical services for behavioral health patients, inpatient and outpatient behavioral health services, and inpatient substance abuse treatment services.
Boca Raton Regional Hospital – Baptist Health South Florida (Palm Beach County): In July of 2018, Boca Raton Regional Hospital announced that its Board of Trustees has selected Baptist Health South Florida as its recommendation for further strategic partnership discussions, beating out Cleveland Clinic. On November 27, 2018, South Florida Business Journal reported that Boca Raton Regional Hospital “nears deal” with Baptist Health.
Submitted by: Anushree Nakkana, Esq., Managing Partner, ASN Law Firm
 Lee Health, http://www.leehealth.org/about/index.asp.
 Frank Gluck, Lee Health faced with federal whistleblower lawsuit for alleged Medicare fraud, News-Press.com (Dec. 10, 2018), https://www.news-press.com/story/news/2018/12/10/lee-health-facing-whistleblower-lawsuit-alleged-medicare-fraud/2230002002/.
 42 C.F.R. § 1001.952(i).
 U.S. ex rel. D’Anna v. Lee Mem’l Health Sys., No. 2:14-cv-437-FtM-38CM, (M.D. Fla., Sep. 19, 2018), available at https://ecf.flmd.uscourts.gov/cgi-bin/show_public_doc?2014-00437-71-2-cv.
 Press Release, U.S. Dep’t of Justice, Fourteen Hospitals to Pay U.S. More Than $12 Million to Resolve False Claims Act Allegations Related to Kyphoplasty (Feb. 7, 2012), available at https://www.justice.gov/opa/pr/fourteen-hospitals-pay-us-more-12-million-resolve-false-claims-act-allegations-related.
 42 C.F.R. § 411.351.
 No. 17-3108RX at *31 (Fla. Div. of Admin. Hearings May 8, 2018) (Final Order).
 Id. at *18.
 Bayfront Health Port Charlotte v. Sarasota County Public Hospital District, No. 17-0510CON (Fla. Div. of Admin. Hearings May 8, 2018) (Recommended Order), (Agency for Health Care Admin. July 9, 2018) (Final Order).
 Medicare Program; Revisions to Payment Policies Under the Physician Fee Schedule and Other Revisions to Part B for CY2019, Part I, 83 Fed. Reg. 59,452 (Nov. 23, 2018) (to be codified at 42 C.F.R. Parts 405, 410, 411, 414, 415, 425, 495).
 Id. at Part II.
 “Established Patients” are those who have received professional services from the physician or qualified health care professional or another physician or qualified health care professional of the exact same specialty and subspecialty who belongs to the same group practice, within the past three (3) years.
 Medicare has restricted coverage of telehealth services to beneficiaries who reside within certain geographic rural areas and who seek such services at specific “originating sites” (patient beneficiary’s home is not included in the current Medicare definition for “originating site”). See Amy Lerman, OIG Updates FY 2017 Work Plan to Include Review of Medicare Claims for Telehealth Services Provided to Rural Beneficiaries: Will Substantive Change to Medicare Reimbursement for Telehealth Follow?, Epstein Becker Green (July 26, 2017), https://www.techhealthperspectives.com/2017/07/26/oig-updates-fy-2017-work-plan-to-include-review-of-medicare -claims-for-telehealth-services-provided-to-rural-beneficiaries-will-substantive-change-to-medicare-reimbursement-for-telehealth-follow/.
 By making this statement regarding the addition of the above-originating sites, CMS is planning to implement the requirements of the Bipartisan Budget Act of 2018.
 You may read more about this change in a recent post covering the SUPPORT for Patients and Communities Act sought to address originating site restrictions by granting Medicare coverage of telehealth services to eligible beneficiaries in their home. Charles C. Dunham, IV. & Matthew Sprankle, The SUPPORT for Patients and Communities Act: Expanding Medicare Coverage of Telehealth Services to Combat the Opioid Crisis, Epstein Becker Green (Nov. 5, 2018), https://www.techhealthperspectives.com/2018/11/05/the-support-for-patients-and-communities-act-expanding-medicare-coverage-of-telehealth-services-to-combat-the-opioid-crisis/.
 Section 1834m of the Social Security Act defines store-and-forward technologies as “asynchronous transmission of health care information.”
 CPT Code 99453 describes remote monitoring of physiologic parameters related to initial set-up and patient education regarding use of equipment. CPT Code 99454 also involves remote monitoring of physiological parameters, but related to the remote device(s)’s “supply with daily recording(s) or programmed alert(s) transmission.” CPT Code 99457 permits billing for “[r]emote physiologic monitoring treatment management services, 20 minutes or more of clinical staff/physician/other qualified healthcare professional time in a calendar month requiring interactive communication with the patient/caregiver during the month.” This new code will be much easier to track since payment is based on the time spent per calendar month (rather than the per 30-day intervals of its prior iteration), which will better align with claims submission and recordkeeping practices.
 83 Fed. Reg. at 59,575.
 Elizabeth Litten, New Apple Watch May Mark Time to Rethink HIPAA, Fox Rothschild LLP (Nov. 13, 2018), https://hipaahealthlaw.foxrothschild.com/2018/11/articles/hit-health-information-technol/new-apple-watch-may-mark-time-rethink-hipaa/.
 Matt Burns, Apple Watch Series 5 Can Detect AFib and Perform An ECG, TechCrunch (Sept. 2018), https://techcrunch.com/2018/09/12/apple-watch-series-4-can-detect-afib-and-perform-an-ecg/. See also David Phelan, Apple Watch Series 4: When Will the Brilliant ECG Feature Arrive in the States and Worldwide?, Forbes (Sept. 27, 2018, 5:31 PM), https://www.forbes.com/sites/davidphelan/2018/09/27/apple-watch-series-4-when-will-the-ecg-feature-arrive-in-the-states-and-worldwide/#19ac03a63a09.
 Hayley Tsukayama, What Cardiologists Think About the Apple Watch’s Heart-Tracking Feature, Wash. Post (Sept. 14, 2018), https://www.washingtonpost.com/technology/2018/09/14/what-cardiologists-think-about-apple-watchs-heart-tracking-feature/?noredirect=on&utm_term=.693cdd73ab20.
 Burns, supra note 20.
 Tsukayama, supra note 21.
 Litten, supra note 19.
 Paul A. Drey & Sarah Wendler, Peeling Back the Apple Watch: Do HIPAA and the Apple Watch Go Together?, A.B.A. (Sept. 27, 2018), https://www.americanbar.org/groups/health_law/publications/aba_health_ esource/2015-2016/september/applewatch/.
 45 C.F.R. § 160.103.
 Drey & Wendler, supra note 25.
 Mayo Mobile Patient App, Mayo Clinic (Oct. 31, 2014), https://alumniassociation.mayo.edu/mayo-patient-app-free-download/; Brian Kilen, Mayo Clinic Announces Apple Watch App for Patients and Physicians, Mayo Clinic (Apr. 24, 2015), https://newsnetwork.mayoclinic.org/discussion/mayo-clinic-announces-apple-watch-app-for-patients-and-physicians/.
 Supra note 26.
 Fred Donovan, How Does HIPAA Apply to Wearable Health Technology?, Health IT Security (July 24, 2018), https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology.
 See supra note 25; Elizabeth Snell, How Do HIPAA Regulations Apply to Wearable Devices?, Health IT Security (Mar. 23, 2017), https://healthitsecurity.com/news/how-do-hipaa-regulations-apply-to-wearable-devices.
 Litten, supra note 19.
 Naseem S. Miller, Orlando Health to take full control of South Lake Hospital, Orlando Sentinel, Dec. 3, 2018, http://www.orlandosentinel.com/health/os-ne-orlando-health-south-lake-integration-20181203-story.html; Alia Paavola, Orlando Health takes over 170-bed Florida hospital, Becker’s Hospital Review, Dec. 4, 2018, https://www.beckershospitalreview.com/hospital-transactions-and-valuation/orlando-health-takes-over-170-bed-florida-hospital.html.
 Emily Rappleye, Cleveland Clinic to restructure leadership in Florida, Becker’s Hospital Review, Nov. 28, 2018, https://www.beckershospitalreview.com/hospital-executive-moves/cleveland-clinic-to-restructure-leadership-in-florida.html.
 Veronica Brezina-Smith, Memorial Hospital of Tampa completes merger with Tampa Community Hospital, Tampa Bay Business Journal, Nov. 5, 2018, https://www.bizjournals.com/tampabay/news/2018/11/05/memorial-hospital-of-tampa-completes-merger-with.html.
 Brian Bandell, Boca Raton Regional Hospital nears deal with Baptist Health as losses narrow, South Florida Business Journal, Nov. 27, 2018, https://www.bizjournals.com/southflorida/news/2018/11/27/boca-regional-hospital-nears-deal-with-baptist.html.
Dear Health Law Section Members:
The Health Law Section (“HLS”) website has been updated with August through September 2018 articles on significant developments in the health law arena that may be of interest to you in your practice. These summaries are presented to HLS members for general information only and do not constitute legal advice from The Florida Bar or its Health Law Section. HLS thanks the following volunteers who have generously donated their time to prepare these summaries for our members:
Jocelyn Ezratty, Esq., Di Pietro Partners, LLP
Christian Perez Font, Managing Partner, Thinkeen Legal, P.A.
Anne Kelley, J.D. Candidate, University of Florida
Erica C. Mallon, Esq., Corporate Counsel, Greenway Health
Zachary Merson, Corporate Counsel, Availity
Francesca Ozinal, Associate, Epstein Becker & Green, P.C.
Kathleen Premo, Member, Epstein Becker & Green, P.C.
Megan Robertson, Associate, Epstein Becker & Green, P.C.
Timothy Wombles, Esq., Associate, Nelson Mullins Broad and Cassel
Jamie Gelfman, Esq., Nelson Mullins Broad and Cassel, HLS Editor in Chief
Christian Perez Font, Esq., Thinkeen Legal, P.A., HLS Team Editor
Elizabeth Scarola, Esq., Epstein Becker Green P.A., HLS Team Editor
Download the Word DOCX or PDF versions of the Updates using the links below:
August September 2018 HLS Updates (DOCX)
August September 2018 HLS Updates (PDF)
Advisory Opinion Finds Group Purchasing Organization Able to Provide Services to its Affiliate Hospitals and Entities
As health providers turn to more innovative offerings and business models, uncertainties arise with structuring new deals. In its July 30, 2018 Advisory Opinion, No. 18-07, the Office of Inspector General (“OIG”) interpreted new specialty uses for Group Purchasing Organizations (“GPOs”) under the federal Anti-Kickback Statute (the “Advisory Opinion”).
GPOs negotiate volume discounts on behalf of hospitals and health care facilities. They charge product and service vendors an administrative fee in exchange for access to sales at the applicable hospitals and health care facilities.
In the Advisory Opinion, a GPO sought advice (the “Requestor”) regarding a proposed arrangement under which it would offer GPO negotiation services for innovative and specialty healthcare products and services. These specialty products and services are fairly new to the healthcare industry and are not offered by typical GPOs. In the Advisory Opinion, the Requestor certified that it offered a portfolio of specialty products and services, including “information technology platforms, emergency department services and staffing, physician recruitment, telemedicine physician consults, human resources personnel and services, and refurbished equipment.” Much of these specialty group negotiation services are a reflection of the evolving business models that include outsourcing personnel services and incorporating new technology into patient care.
The Requestor sought clarification on the existing corporate structure of its parent company. The Requestor’s parent company also owns hospitals and health care facilities. The Requester wished to provide group negotiation services to those hospitals and health care facilities owned by the Requestor.
Although the arrangement would not qualify for GPO safe harbor protection because it would not satisfy the definition of a “GPO” as defined by the regulations, the OIG concluded that such an arrangement would not warrant administrative prosecution.
The OIG emphasized a few points to justify its position. The Requestor’s affiliated hospitals and facilities wished to utilize the specialty products and services provided by its innovative, affiliate-GPO in an effort to reduce costs. The OIG emphasized that because the traditional GPOs that theses affiliate hospitals and facilities were already using did not offer the specialty services, they were left to negotiate the specialty product and services lines on their own. That is, unless the affiliate hospitals and facilities were permitted to take advantage of the services offered by the affiliated Requestor.
This Advisory Opinion is a reflection of the evolving health care models into increased outsourcing of personnel and incorporating more health technology into medical practices. These modern models help to cut costs in a time when traditional hospitals have been struggling to stay afloat. Whereas some of the regulatory limitations required for safe harbor protection may have discouraged affiliate entities from venturing into cost-effective and innovative business models in the past, this new guidance from the OIG opens the door for health care affiliate entities to venture more comfortably into cost effective and innovative offerings.
Submitted by: Jocelyn Ezratty, Esq., Di Pietro Partners, LLP
FRAUD AND ABUSE UPDATES
OIG Portfolio Highlights Hospice Fraud and Quality-of-Care Concerns
On July 31, 2018, the Office of Inspector General (“OIG”) of the United States Department of Health and Human Services released a portfolio titled “Vulnerabilities in the Medicare Hospice Program Affect Quality Care and Program Integrity” (the “Portfolio”).
The Portfolio provides 15 recommendations to the Centers for Medicare & Medicaid Services (“CMS”) regarding hospice oversight based upon a review of the Medicare hospice benefit and hospice care generally since 2005. Notably, the Office of Evaluation and Inspections conducted the study, as opposed to the Office of Audit Services, indicating that the study was a broad, investigative look into the hospice industry rather than a more focused review typical of an OIG audit assessment. The study examined prior OIG evaluations and audits of billing and quality of care, as well as investigations of hospice-related fraud cases.
The Portfolio highlights the growth of hospice utilization and reimbursement over the last decade, and describes OIG’s findings with respect to the adequacy and quality of hospice services provided to Medicare beneficiaries. The Portfolio also highlights the importance of providing adequate education to hospice patients and their families and caregivers about the CMS hospice benefit. While OIG acknowledges that not all hospice care facilities have the vulnerabilities identified in this Portfolio, it is important for stakeholders to review the concerns and recommendations expressed by OIG in the Portfolio in order to get a full picture of the government’s stance and to evaluate their services for any of the identified deficiencies that may subject them to enforcement risk.
Compliance and Enforcement Considerations
The Portfolio demonstrates continued scrutiny of hospice services by the government and represents a trend toward ongoing government enforcement against the hospice industry. Therefore, to mitigate risk, it is important that the hospice industry consider the government’s current focus, as outlined below, and incorporate mitigation efforts into corporate compliance programs. The key risk areas include the following:
Specific Service Considerations
The Portfolio focuses on the provision of and billing for varying levels of care as well as evaluation of the care setting. The Portfolio indicates that hospice providers performing solely routine services are under more intense scrutiny than hospice providers providing other levels of care. OIG highlights that between 2006 and 2016, hundreds of hospices provided only routine home care, the most basic level of care, to all of their beneficiaries served throughout the year. This trend is increasing over time. In 2016, over 650 hospices provided only routine home care, which is a 55 percent increase from 2011. When a hospice provider’s services are limited to routine home care, the government is concerned that beneficiaries might not have access to the more intensive services they need despite the obligation that hospice facilities provide all services necessary for the management of the patient’s illness and related conditions. The Portfolio emphasizes that it is critical that hospice providers also provide general inpatient care and continuous home care when patients need more intensive services. A failure to provide all levels of care to beneficiaries, as well as respite inpatient care to caregivers, could be problematic from the government’s perspective. Providers should incorporate awareness of the case mix into their compliance efforts.
OIG also identified significant inappropriate billing by hospices for services not meeting Medicare requirements for the level of care billed. Some hospices billed for inappropriate levels of care and for expensive levels of care that the patient did not need. Specifically, the Portfolio indicates that in 2012 hospices billed one-third of all general inpatient care stays inappropriately, costing Medicare over $250 million. General inpatient care is the second most expensive level of care, and hospices often billed for it when the beneficiary needed only routine home care. Hospices received an unadjusted daily fixed payment rate of $672.00 a day for inpatient care instead of $151.00 a day for routine home care.
A major takeaway from the Portfolio is OIG’s particular focus on for-profit hospices providing care to patients in skilled nursing facilities (“SNFs”) or assisted living facilities (“ALFs”). OIG maintains a skepticism toward for-profit hospices, and specifically identifies these hospice providers as potential “bad actors.” OIG highlights certain data points to support such skepticism, providing that, while for-profit hospices billed 41 percent of their general inpatient care stays inappropriately, nonprofit and government-owned hospices billed 27 percent of their general inpatient stays inappropriately. Also, based on its findings, OIG stated that hospices were more likely to bill inappropriately for general inpatient care provided in SNFs than in any other care setting. Moreover, OIG believes that hundreds of hospices targeted beneficiaries in certain care settings, such as ALFs, who have long lengths of stay in order to receive higher Medicare payments. Again, OIG specifically draws attention to for-profit hospices whose service and billing practices result in reimbursement levels of thousands of dollars more than nonprofit hospices per beneficiary in ALFs. Similarly, OIG believes that for-profit hospices also target beneficiaries in nursing facilities because these beneficiaries commonly have conditions associated with less complex care, longer stays, and more Medicare payments.
Another area of focus in OIG’s recommendations is the adequacy of physician attestations, clinical documentation, financial records, and other documents that support claims for reimbursement. The study found that some hospice physicians are not meeting requirements when certifying beneficiaries. In particular, physicians did not explain their clinical findings or attest that their findings were based on their examination of the beneficiary or review of medical records. Relatedly, many physicians were found to have provided patients and their families with incomplete or inaccurate election statements resulting in a lack of clarity among beneficiaries, their families, and caregivers around what beneficiaries are entitled to receive or give up with the election of hospice services.
Medical Necessity and Eligibility and Appropriateness of Benefits
OIG also discovered a number of fraud schemes involving hospices inappropriately billing beneficiaries. For example, OIG identified fraud schemes in which hospice providers paid recruiters to target beneficiaries who were not eligible for hospice care and other schemes in which physicians falsely certified a patient’s eligibility for hospice care. Beneficiaries who are inappropriately enrolled in hospice care may unwittingly forgo needed treatment or will not have their services reimbursed as Medicare only pays only for palliative care and not for curative treatment.
The key to mitigating the risks identified in the Portfolio and shielding hospice providers from government enforcement inquiries or actions is maintaining an effective corporate compliance program. Even if a hospice provider already has a compliance program in place, it must be reevaluated based on OIG’s recent findings. The compliance program should focus on ensuring that providers are providing the appropriate level of care in the appropriate care setting. Providers should provide the four levels of Medicare reimbursed hospice care based on each patient’s medical need and when appropriate regardless of reimbursement considerations. Physicians must accurately certify a beneficiary’s terminal illness and the appropriateness of hospice care. Consequently, hospices need to ensure that claims data is as accurate as possible. Hospices must also make sure that proper education materials on the hospice benefit are provided to their patients and their caregivers.
Quality Program Considerations
A common thread woven throughout the Portfolio is the emphasis that OIG places on the need for increased attention to the quality of hospice care. In particular, OIG describes elements of hospice care where quality is lacking, and attributes some specific quality issues to the current payment methodology used by Medicare for hospice services.
Elements of Hospice Care with Trends of Poor Quality
OIG described specific instances in which evaluations and investigations revealed that hospice services have fallen short of quality care. The Portfolio also notes instances of hospices consistently failing to provide the services identified in the patient’s plan of care. OIG stated that adherence to a plan of care for a beneficiary is crucial and that the plans should be individualized and detailed, especially with respect to the scope and frequency of needed services. OIG also provides examples of hospices failing to properly manage a beneficiary’s medication, leaving the beneficiary in pain for long periods of time. While the examples of hospices failing to provide quality care are concerning, it appears these reports reflect isolated bad actors in the hospice industry. However, one wonders if the broader skepticism associated with hospice quality of care by OIG can be attributed to a difference in understanding of disease progression and treatment alternatives.
Quality Issues Attributed to Payment Methodology
The Portfolio opines that Medicare’s current reimbursement methodology contributes to the issue of poor quality. The Medicare hospice benefit pays for every day that a patient is in care, as opposed to paying for specific services provided to beneficiaries. OIG also expresses significant concern that payment for hospice care is not tied to any quality measures, and recommends that CMS alter the system to tie payment to quality of care. Thus far, CMS has maintained that it does not have the statutory authority to introduce the quality measures that OIG suggests into the hospice payment methodology. However, the discord here could be an indication that a major hospice payment reform could be initiated in the future.
In light of the emphasis that OIG places on the quality of care throughout the Portfolio, hospice facilities should be proactive rather than reactive in building a robust quality-oriented program. Stakeholders should monitor the areas of concern identified by OIG and assess the status of these highlighted concerns in anticipation of their possible impact on payment in the future. Stakeholders should also conduct an assessment of their compliance programs to identify any areas of enforcement risk based on the concerns expressed by OIG in the Portfolio.
Submitted by: Kathleen Premo, Member, Epstein Becker & Green, P.C.
Francesca Ozinal, Associate, Epstein Becker & Green, P.C.
Megan Robertson, Associate, Epstein Becker & Green, P.C.
OCR Settles HIPAA Breach Involving Three Boston-Area Hospitals
On September 20, 2018, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) entered into three separate settlement agreements totaling $999,000.00 with Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital. According to OCR’s press release, the three Boston hospitals violated HIPAA by inviting ABC film crews onto their premises to film a documentary series without first obtaining authorization from patients.
While both the resolution agreements and the press release do not provide much detail about the nature of the breach, it is clear that OCR is committed to ensuring that the privacy of patients during “their most private and vulnerable moments” remains protected at all times.
These enforcement actions raise important questions about the scope of patients’ reasonable expectation of privacy within hospital settings. In the past, the Supreme Court has recognized in various decisions that an individual’s reasonable expectation of privacy largely depends on context (i.e., individual expectation of privacy is greater at home or in private spaces than it is in public ones). The reasons why an individual may be at a particular location can also affect whether he or she has a reasonable expectation of privacy. For instance, a hospital patient’s expectation of privacy may be very different than that of friends or family visiting the patient at the hospital. In fact, the expectation of privacy can even be different depending on where in the hospital the patient might be (i.e, in the parking lot or reception versus in the examination room). Therefore, hospitals should consider context and the possible need for customized rules when creating policies for allowing television or film crews into their facilities.
The OCR press release and the three resolution agreements are available at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/bostoncases/index.html
Submitted by: Christian Perez Font, Managing Partner, Thinkeen Legal, P.A.
HHS Contemplates Changes to the HIPAA Privacy Rule and 42 C.F.R. Part 2 to Battle the Opioid Epidemic
The Department of Health and Human Services (“HHS”) will issue requests for information (“RFIs”) in regards to changing the HIPAA Privacy Rule (45 C.F.R. Part 160 and Subparts A and E of Part 164) and 42 C.F.R. Part 2 to allow payers and providers to more effectively fight the opioid epidemic affecting the country. HHS Secretary Alex Azar noted that the HIPAA Privacy Rule and 42 C.F.R. Part 2 can “get in the way of communities and families working together to combat our country’s crisis of opioid addiction.”  However, some experts argue that changes are to the HIPAA Privacy Rule are not required because healthcare professionals have the ability to act in the best interest of their patients, despite many providers avoiding disclosure of patient records without consent due to hyper-cautiousness.
On June 20, 2018, the House of Representatives passed the Overdose Prevention and Patient Safety Act (HR 6082, or the “Act”) which would amend 42 C.F.R. Part 2 to allow providers to disclose substance abuse patient records to other covered entities for purposes of treatment, payment and operations, without patient consent. As currently drafted, 42 C.F.R. Part 2 prohibits providers from sharing a patient’s substance abuse history without consent in an effort to encourage treatment for substance abuse addiction. Opponents to the Act argue that its passage jeopardizes the confidentiality of substance abuse treatment and will discourage individuals from seeking such treatment.  Similarly, opponents allege that 42 C.F.R. Part 2 needs stricter disclosure requirements than the HIPAA Privacy Rule because of the pervasive discrimination that exists regarding addiction.
Proponents of the Act, including many providers, have requested changes to 42 C.F.R. Part 2 to allow the sharing of substance abuse information among healthcare professionals without patient consent. Specifically, providers would like 42 C.F.R. Part 2 to mirror the HIPAA Privacy Rule, which allows providers to share protected health information without patient consent for the purposes of “treatment, payment, and health care operations.”
Regardless of whether HR6082 becomes law, both proponents and opponents of the Act agree that more must be done to combat the Nation’s opioid crisis.
Submitted by: Zachary Merson, Corporate Counsel, Availity, LLC
CMS Extends Enrollment Moratoria in Florida, Illinois, Michigan, Texas, Pennsylvania, and New Jersey For Certain Providers
The Centers for Medicare and Medicaid Services (“CMS”) extended the Medicare enrollment moratoria for home health agencies in Florida, Illinois, Michigan, and Texas and non-emergency ground ambulance providers in Pennsylvania and New Jersey effective July 29, 2018 for an additional six (6) months. Most recently, CMS extended the Medicare enrollment moratoria of home health agencies in Florida, Illinois, Michigan, and Texas and non-emergency ground ambulance providers in Pennsylvania and New Jersey on January 30, 2018.
Section 6401 of the Patient Protection and Affordable Care Act authorized CMS to impose temporary moratoria on the initial enrollment or establishment of new practice locations if the Secretary of CMS determined that such moratorium was necessary to prevent or combat fraud, waste, or abuse with respect to a particular provider or supplier types, particular geographic areas, or a combination of both. In 2013, CMS exercised this authority and imposed moratoria preventing enrollment of new home health agencies and branches in Miami-Dade County, Florida, and Cook County, Illinois, and the surrounding counties. Simultaneously, CMS imposed a moratorium on enrollment of Medicare Part B ground ambulance suppliers in Harris County, Texas, and the surrounding counties.
CMS exercised its authority to extend the initial moratoria on February 4, 2014, for an additional six (6) months and expanded the moratoria to also preclude enrollment of home health agencies in Broward County, Florida; Dallas County, Texas; Harris County, Texas; and Wayne County, Michigan, and surrounding counties, and expanded the moratorium of enrollment of ground ambulance suppliers to Philadelphia, Pennsylvania, and the surrounding counties. CMS further extended the moratoria on August 1, 2014, February 2, 2015, July 28, 2015, and February 2, 2016. When extending the moratoria on August 3, 2016 for an additional six (6) months, CMS expanded the home health agency moratorium statewide for Florida, Illinois, Michigan, and Texas and extended the Part B non-emergency ambulance moratorium statewide in New Jersey, Pennsylvania, and Texas.
Due to the August 25, 2017, Presidential Disaster Declaration for several Texas counties after Hurricane Harvey, CMS lifted the moratorium on non-emergency ground ambulance suppliers in Texas to assist with disaster response. The remaining moratoria prohibiting new enrollment of home health agencies in Florida, Illinois, Michigan, and Texas and non-emergency ground ambulance providers in Pennsylvania and New Jersey remain in place.
Submitted by: Timothy Wombles, Esq., Associate, Nelson Mullins Broad and Cassel
CMS “Major Proposed Rule” Attempts to Reflect Current Changes in Medical Practice in its Payment Systems
In July, the Centers for Medicare & Medicaid Services (“CMS”) published a proposed rule that addresses a number of topics; namely, changes to the Medicare physician fee schedule (“PFS”) and other Medicare Part B payment policies. These proposed changes could have significant effects on providers and services that are rendered within the increasingly expansive sphere of telemedicine. CMS proposes certain services that would not be subject to the limitations on Medicare telehealth services in section 1834(m) of the Social Security Act, and instead would be paid under the PFS like other physicians’ services. CMS reasons that these services are not considered by it to be Medicare telehealth services.
For example, in the proposed rule, CMS confronts the issue of brief “check-in” services furnished using communication technology that are used to evaluate whether or not an office visit or other service is warranted. Currently, when these kinds of check-in services are furnished prior to an office visit, they are bundled into the payment for the resulting visit. However, an inconsistency arises when these check-in services do not result in a visit, and thus there is no opportunity for payment of the service to be bundled.
CMS attempts to combat this issue by proposing to pay separately, beginning January 1, 2019, for a “newly defined type of physicians’ service furnished using communication technology.” The proposed code, described as GVCI1 (Brief communication technology-based service), would provide that check-in services described above, originating from a related E/M service provided within the previous seven days by the same physician or other qualified healthcare professional, be bundled into the pre- or post-visit time of the associated E/M service and not be separately billable. On the contrary, if the telehealth service is not related to an office visit within the past seven days and does not result in a future office visit or related service, CMS proposes a separate payment for the service. Additionally, CMS would also make separate payments for consultations between professionals performed through communications technology regarding a patient’s treatment.
CMS hopes such changes will aid in advancing its overall effort to “further expand access to telehealth services within the current statutory authority and pay appropriately for services that take full advantage of communication technologies.”
The comment period for this proposed rule ended on September 10, 2018.
Submitted by: Anne L. Kelley, J.D. Candidate, UF Levin College of Law
A New Age for Healthcare Mergers
The pending mergers of Cigna and Express Scripts and CVS Health and Aetna are examples of the ever-changing healthcare marketplace. Both transactions have faced opposition, Cigna and Express Scripts from significant Cigna investor Carl Icahn, who alleged Cigna was overpaying for a company that faces an uphill battle, and CVS Health and Aetna, from California Insurance Commissioner Dave Jones, who asked the United States Department of Justice (“DOJ”) to block the merger over concern that reducing competition for Medicare Part D plans would likely result in higher premiums.
Cigna and Express Scripts cleared their largest and final regulatory hurdle on September 17, 2018, when the DOJ approved the proposed $67 billion merger, which was announced in March and is scheduled to close at the end of 2018. The DOJ determined that the merger would not harm competition in either the insurance or pharmacy benefit manager markets, and does not impede efforts to lower drug prices and increase quality of care. The DOJ said it reviewed more than two million documents and interviewed more than 100 industry experts during its six-month investigation.
Meanwhile, the DOJ’s antitrust review of CVS Health’s $69 billion bid to acquire Aetna, which would combine a pharmacy, benefits manager, insurer, and retailer with more than 1,000 walk-in clinics across 33 states into one entity, is ongoing. Sources have indicated that the DOJ’s review is taking longer than anticipated due to concern about both companies’ Medicare Part D plans. To ease anti-competitive concerns, it is expected that the DOJ will require CVS and Aetna to divest some of their Medicare Part D assets.
These mergers come on the heels of the DOJ blocking two insurance company mega mergers. In 2016, the DOJ sued to block Anthem’s acquisition of Cigna and Aetna’s acquisition of Humana due to concerns that the mergers would harm consumers by increasing premiums, reducing benefits, and decreasing competition. Unlike the Anthem-Cigna and Aetna-Humana mergers, which would have resulted in horizontal integration (a reduction from five major insurance companies to three) the Cigna-Express Scripts and Aetna-CVS Health mergers would result in vertical integration, which is less of an anti-competitive risk.
These transactions are taking place at a time when pharmacy benefit managers like Express Scripts are under heightened regulatory scrutiny for their relationships with pharmaceutical companies and providers, as well as their contribution to the ever-rising cost of prescription drugs. It remains to be seen how the proposed merger will impact drug costs and physician relationships.
Large mergers and acquisitions can be expected to increase in volume as healthcare industry veterans leverage their market presence in preparation for new players to enter into the healthcare space, including Amazon, which recently acquired online pharmacy retailer PillPack for $1 billion.
Submitted by: Erica Mallon, Corporate Counsel, Greenway Health
 Dep’t of Health & Human Services Office of Inspector General Advisory Opinion No. 18-07 (July 20, 2018), available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-07.pdf.
 42 C.F.R. 1001.952(j).
 See Fred Donovan, HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2, HealthIT Security (Aug. 9, 2018, 11:20 AM), available at https://healthitsecurity.com/news/hhs-to-propose-changes-to-hipaa-privacy-rule-42-cfr-part-2.
 See Marianne Kolbasuk McGee, HHS Weighs Changes to Health Data Privacy Regulations, GovInfo Security (Aug. 1, 2018), available at https://www.govinfosecurity.com/hhs-weighs-changes-to-health-data-privacy-regulations-a-11271.
 See supra note 4.
 See Deborah Reid & Mark Parrino, Relaxing Patient Privacy Protections Will Harm People with Addiction, The Hill (July 22, 2018, 11:00 AM), available at http://thehill.com/opinion/healthcare/398077-relaxing-patient-privacy-protections-will-harm-people-with-addiction.
 See supra note 4.
 Medicare, Medicaid, and Children’s Health Insurance Programs: Announcement of the Extension of Temporary Moratoria on Enrollment of Part B Non-Emergency Ground Ambulance Suppliers and Home Health Agencies in Designated Geographic Locations, 83 Fed. Reg. 4,147 (Jan. 30, 2018).
 Medicare, Medicaid, and Children’s Health Insurance Programs: Announcement of Temporary Moratoria on Enrollment of Ambulances Suppliers and Providers and Home Health Agencies in Designated Geographic Areas, 78 Fed. Reg. 46,339 (July 31, 2013).
 Medicare, Medicaid, and Children’s Health Insurance Programs: Announcement of New and Extended Temporary Moratoria on Enrollment of Ambulances and Home Health Agencies in Designated Geographic Locations, 79 Fed. Reg. 6,475 (Feb. 4, 2014).
 Medicare, Medicaid, and Children’s Health Insurance Programs: Announcement of Decision to List the Temporary Moratorium on Enrollment of Non-Emergency Ground Ambulance Suppliers in Texas, 82 Fed. Reg. 51,274 (Nov. 3, 2014).
 Medicare Program; Revisions to Payment Policies Under the Physician Fee Schedule and Other Revisions to Part B for CY 2019; Medicare Shared Savings Program Requirements; Quality Payment Program; and Medicaid Promoting Interoperability Program, 83 Fed. Reg. 35,704 (July 27, 2018), available at https://www.federalregister.gov/documents/2018/07/27/2018-14985/medicare-program-revisions-to-payment-policies-under-the-physician-fee-schedule-and-other-revisions.