The following are brief summaries prepared by section volunteers of new developments in Florida health care law that may be of interest to members of the Health Law Section. The summaries are presented for general information only as a courtesy to section members and do not constitute legal advice from The Florida Bar or its Health Law Section.      

FRAUD AND ABUSE

U.S. District For Southern District of Florida Dismissed A Whistleblower Action Alleging Below-Market Rentals by Hospital Corporation.

The US District Court for the Southern District of Florida dismissed a whistleblower action against Tenet Healthcare Corporation for allegedly leasing space to physicians at below-market rates in exchange for patient referrals that resulted in claims submitted for payment to Medicare and Medicaid and other federal healthcare programs.  

The Relator, Marc Osheroff,  is the owner of a full-service real estate company who brought the qui tam action on behalf of himself and the United States of America and Florida, Georgia, Texas, Tennessee and California. The Relator alleged that the claims submitted on the basis of the referrals constituted false claims under  the  False Claims Act (FCA) and in violation  of Stark Law and  Anti-Kickback Statute (AKS).

Defendants, Tenet owns or leases medical office buildings and hospitals.  Tenet argued that the Court lacked subject matter jurisdiction because Relator’s qui tam action was based on information publicly disclosed from the “news media” and the Relator was not an original source of the information. Tenet contented that the Relator’s complaint was based on information which was posted on a website marketing the sale of its medical office buildings which  constituted a public disclosure through the “news media”.  Tenet moved to dismiss based on FCA’s public disclosure bar and on the pleading requirements of Fed. R. Civ. P.  9(b).

The Court rejected Tenet’s argument that the information was a disclosure through the “news media” the Court found that the Relator’s action “is based upon an alleged fraud that was first discerned through Relator’s synthesis and analysis of otherwise apparently innocuous, garden-variety real estate/financial information.”  The Court found that the public disclosure bar only applied to “existing allegations or transactions of wrongdoing that have been publicly disclosed.”

Addressing  Stark Law, the District Court concluded that the Relator failed to allege a prohibited financial relationship between a physician and Tenet.  Relator had alleged that the below-market rentals resulted in an “indirect payment” to the physicians from Tenet for their referrals.  The Court explained that to support Relator’s theory, he needed to allege a benchmark of fair market value to evaluate the lease arrangements.

Addressing AKS,  the Relator had no facts to suggest “that any physician tenants were induced by their rent to make referrals based on continued remuneration” and there was no basis on which the District Court could “reasonably infer that any alleged remuneration clouded the independent judgment of the physician-tenant.”  The Court Dismissed the Whistleblower Action because the Relator had not plead facts with particularity showing a violation of Stark and/ or AKS  but granted leave to amend.

United States ex rel. Osheroff v. Tenet Healthcare Corp., No 1:09-cv-22253-PCH (S.D. Fla. July 12 2012).

Reported by: Karina P. Gonzalez

PROFESSIONAL LICENSURE

The Physician Immunity Statute

In recent decades, more and more physicians have become inventors of medical devices and other tangible and intangible additions to the medical art, including medical and surgical procedures. Not surprisingly, these physicians/inventors seek patent protection for the procedures they have developed. And, if a patent is, in fact, issued, that physician may also seek to enforce it by filing a patent infringement action in federal court. If and when that happens, a little known but relevant statute often comes into play.

The Physician Immunity Statute, 35 U.S. C. §287(c) provides an exemption from patent infringement liability for physicians in certain situations. More specifically, section 287(c)(1) grants immunity from patent infringement suits to both “medical practitioners” and “related health care entities” when they engage in protected “medical activity.” All of these quoted terms are defined in the statute. For example, “medical activity” covers medical and surgical procedures performed on the body as long as those procedures do not include or use (1) a patented machine or manufacturer, (2) composition of matter or (3) a patented process in violation of a biotechnology patent. While helpful, these definitions can themselves create definitional issues. For example, what is a “composition of matter”? Moreover, these definitions also create exceptions to the statute’s primary purpose, i.e., immunity.

Applying the Physician Immunity Statute in practice is, of course, fact specific. Moreover, its reach can be either broad or narrow, depending on the applicability of the three exceptions noted above, as well as the other requirements the statute spells out. If you represent physicians or other members of the healthcare community, this is a statute that you should be familiar with.

Reported by: Robert V. Williams, Esq., Williams Schifino Mangione & Steady, P.A.

LIFE SCIENCES

Florida’s Department of Business and Professional Regulation (“DBPR”) may soon start auditing pharmaceutical distributors to determine whether they are complying with Florida’s laws regarding reporting of controlled substances.  Effective July 1, 2011, certain distributors were required to register with the DBPR Controlled Substance Reporting database and submit monthly reports.  Many companies with DEA numbers have not yet registered.  More information is available at this link:  http://www.myfloridalicense.com/dbpr/ddc/CSR.html.

Reported by: Shannon Hartsfield Salimone

Hospital Conditions of Participation Final Rule is Released – CMS Announces Delay In Interpretative Guidelines

On May 10, 2012, the Centers for Medicare & Medicaid Services (CMS) published a final rule, “Medicare and Medicaid Programs; Reform of Hospital and Critical Access Hospital Conditions of Participation” (Final Rule), that is designed to reduce unnecessary, obsolete, and/or burdensome regulations on hospitals and health care providers. This Final Rule was first proposed in October 2011 and was developed in response to President Obama’s January 18, 2011 Executive Order 13563, “Improving Regulation and Regulatory Review,” which directed executive agencies to establish a plan for conducting ongoing retrospective reviews of existing regulations in order to identify those rules that can be eliminated as obsolete, unnecessary, burdensome or counterproductive, or those that can be modified to be more effective, efficient, flexible and streamlined. According to a CMS Press Release, dated May 10, 2012 (Press Release), President Obama’s regulatory reform is anticipated to save nearly $1.1 billion across the health care system in the first year and more than $5 billion over five years.

The Final Rule is designed to reduce the regulatory burden on hospitals and CAHs, by “modifying, removing, or streamlining current regulations that [CMS has] identified as excessively burdensome,” including, among other things:

  • Requiring that the credentials of all eligible candidates, as defined by the governing body, be reviewed by the medical staff for potential appointment to the hospital medical staff and allowing hospitals to have more flexibility to include other practitioners, such as ARNPs, PAs, and pharmacists, as eligible candidates for the medical staff with hospital privileges in accordance with State law, who will function within their scope of practice and under the rules of the medical staff;

  • Supporting and encouraging patient-centered care, through such changes such as allowing a patient or his or her caregiver/support person to administer certain medications (both those brought from the patient’s home and those dispensed by the hospital), and by allowing hospitals to use a single, interdisciplinary care plan that addresses nursing and other disciplines (removing the requirement of having a stand-alone nursing care plan);

  • Allowing hospitals to determine the best ways to oversee and manage outpatients by removing the unnecessary requirement for a single Director of Outpatient Services; and

  • Increasing flexibility for hospitals by allowing one governing body to oversee multiple hospitals in a single health system.

This Final Rule also allows podiatrists to assume a new leadership role within a hospital, eliminates the “obsolete” requirement that hospitals maintain an infection control log, and makes certain changes with respect to patient orders. It further requires that a hospital’s governing body include at least one medical staff member “as a means of ensuring communication and coordination between a single governing body and the medical staffs of individual hospitals in the system.”

The Final Rule is effective sixty (60) days after its publication, or July 12, 2012. As a result of the numerous changes set forth in the Final Rule, CMS stated that it would develop Interpretative Guidelines “to assist hospitals, surveyors, and the public in implementing” the Final Rule.

Notwithstanding the foregoing, on June 15, 2012, the Director of the Survey and Certification Group of CMS’ Office of Clinical Standards and Quality/Survey & Certification Group issued a memorandum to State Survey Agency Directors stating that, while it is in the process of developing interpretative guidelines to assist surveyors in assessing compliance under the revised CoPs, “due to the number and complexity of the revisions” to the revised CoPs, the interpretative guidelines “may not be published for all of the affected requirements by July 16th. . .”

In addition, the memorandum states that, until surveyors receive instructions from CMS, they should not attempt to assess a hospital’s compliance with, or cite deficiencies related to, CoP 482.12, which requires a hospital to include one or more members of the medical staff on its governing body, since “CMS is presently considering this policy in light of the numerous comments that have been received since publication of the final rule.” The memorandum also states that surveyors should “not interpret on their own” this requirement, and must not issue citations related to this specific provision. Further, the memorandum notes that the three accreditation organizations with a CMS-approved Medicare hospital accreditation program (the American Osteopathic Association, Det Norske Veritas Healthcare, and The Joint Commission) were being instructed not to revise their accreditation standards related to this aspect of the composition of the governing body until CMS has addressed the issue completely. The memorandum states that “we are carefully reviewing the comments and will reconsider this requirement in future rulemaking.”

As noted above, CMS received a number of comments relating to CoP 482.12, including from the American Hospital Association (AHA) and the National Association of Public Hospitals and Health Systems (NAPH). Certain of the comments stated that the new CoP 482.12 represented substantive policy changes which were not included in the notice of proposed rulemaking and therefore violate the Administrative Procedures Act. The AHA concluded that the “the governing body requirement for medical staff participation should be rescinded immediately,” while the NAPH stated that the CoP “is in direct conflict with many state and local law requirements for public hospital governing board membership” and urged CMS “to either rescind this provision because its promulgation violates [the APA’s] notice and comment rulemaking requirements…, or, in the alternative, treat this new policy addition as a proposed rule under the process established in section 1871(a)(4) of the Social Security Act for which comment must be sought.” 

Reported By: Lynn Barrett

HEALTH INFORMATION TECHNOLOGY & PRIVACY

Still Waiting for the HITECH Omnibus Rule

According to Health Data Management (Goedert, 6/6), Farzad Mostashari, the National Coordinator for Health Information Technology within the Office of the National Coordinator for Health Information Technology (ONC), announced during the keynote address at the 2nd International Summit on the Future of Health Privacy in Washington, D.C. that the final HIPAA Omnibus Rule was due to be released by the end of the summer, however, that deadline has passed without any definitive date set for its release. The Omnibus Rule would include changes to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules, as well as changes relating to the Genetic Information Non-Discrimination Act. It was received by the Office of Management and Budget on March 24, 2012.

OCR Releases HIPAA Audit Protocol

HHS’ Office for Civil Rights has established and posted on its website a “comprehensive audit protocol” that contains the requirements to be assessed through performance audits that are required pursuant to the HITECH Act’s “periodic audit” mandate. The audit protocol covers HIPAA Privacy Rule requirements for notice of privacy practices for Protected Health Information (PHI), rights to request privacy protection for PHI, individuals’ access to PHI, uses and disclosures of PHI, amendments to PHI, and accountings of disclosures. The protocol also covers Security Rule requirements for administrative, physical and technical safeguards, as well as requirements for the Breach Notification Rule. The protocol identifies the “established performance criteria” under each regulatory section and subsection, sets forth the key activity that would be assessed as well as the audit procedures for such assessments, and, with respect to Security Rule requirements, states whether the implementation specification is “required” or “addressable.” There are 88 performance criteria for the Privacy and Breach Rules (78 related to the Privacy Rule and 10 related to the Breach Notification Rule) and 77 performance criteria for the Security Rule. For example, under 45. C.F.R. § 164.404(a), the established performance criteria is as follows:

“§164.404 – Notice to Individuals §164.404 (a) A covered entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used or disclosed as a result of such breach.”

The key activity is “Notification to Individuals” and the audit procedure is to “Inquire of management as to whether a process exists for notifying individuals within the required time period. Obtain and review key documents that outline the process for notifying individuals of breaches.”

GAO Report: HHS Still Has Work to Do

In a recent report entitled “Prescription Drug Data: HHS Has Issues Health Privacy and Security Regulations but Needs to Improve Guidance and Oversight,” (GAO-12-605), the Government Accountability Office (GAO) found that, while the Department of Health and Human Services (HHS) has established a framework for protecting the privacy and security of the prescription drug use information of Medicare beneficiaries, it has not issued all required guidance and has not fully implemented required oversight capabilities.

According to the GAO Report, GAO’s specific objective for its review was to determine the extent to which HHS has established a framework to ensure the privacy and security of Medicare beneficiaries’ protected health information when data on prescription drug use are used for purposes other than direct clinical care.

GAO found although HHS has issued regulations, including HIPAA’s Privacy and Security Rules, to safeguard Protected Health Information (PHI) from unauthorized use and disclosure, has established an investigations process for responding to reported violations of these Rules, and had undertaken a variety of outreach and informational efforts to inform the public and covered entities about the uses of PHI, it has not issued required implementation guidance to assist entities in de-identifying PHI, including when it is used for purposes other than directly providing clinical care to individuals. In addition, GAO found that while HHS has initiated a pilot program for conducting compliance audits, it does not have plans for continuing the audit program after the completion of the pilot program, or for auditing covered entities’ business associates.

GAO recommended that HHS issue guidance on properly implementing HIPAA Privacy Rule requirements for the de-identification of PHI, and establish a plan for a sustained audit program after the completion of the pilot program at the end of 2012. HHS generally agreed with both recommendations but provided qualifying comments to each, where HHA disagreed with GAO’s assessment of the impacts of the lack of guidance and lack of a sustained audit capability.

 Reported By: Lynn Barrett