October-November 2018 Health Law Updates

December 2018

Dear Health Law Section Members:                                                  

The Health Law Section (“HLS”) website has been updated with October through November 2018 articles on significant developments in the health law arena that may be of interest to you in your practice.  These summaries are presented to HLS members for general information only and do not constitute legal advice from The Florida Bar or its Health Law Section.  HLS thanks the following volunteers who have generously donated their time to prepare these summaries for our members:

Jocelyn E. Ezratty, Esq., Brach Eichler, LLC

Angelina Gonzalez, Esq., Panza, Maurer & Maynard, P.A.

Kelli Keeler, Esq., Staff Counsel, Availity, LLC

Erica C. Mallon, Esq., Greenway Health

Kathleen Premo, Esq., Elizabeth Scarola, Esq.,  & Matthew Sprankle, Esq.,

Epstein Becker Green, PC

Anushree (“Anu”) Sagi-Nakkana, Esq., ASN Law Firm

Thank you,

 

Jamie Gelfman, Esq., Nelson Mullins Broad and Cassel, HLS Editor in Chief

Ashley Brevda, Esq., Corporate Counsel/Chief Compliance Officer, Oncology Analytics, Inc., HLS Team Editor

Trish Huie, Esq., Patricia A. Huie, PLLC, HLS Team Editor

Download the Word DOCX or PDF versions of the Updates using the links below: 

October November 2018 HLS Updates (DOCX)

October November 2018 HLS Updates (PDF)

---

COMPLIANCE UPDATES

Claims of Kickbacks Based on Physician Salaries Signals a Need for Increased Compliance Efforts

Compliance with health care laws and regulations not only affords protection against potential state and federal criminal and civil prosecution, but is also essential for protection against litigation from private individuals and entities.

Lee Heath, a public health system[1] that operates six hospitals in Florida, is facing allegations of kickbacks from its former head internal auditor, who brought a lawsuit against the health system alleging that it inappropriately compensated physicians with inflated salaries.[2]  Salaries are generally believed to be a more protective form of compensation from a compliance standpoint because they are paid to employees of the given company and they are an earned form of payment. Further, the federal anti-kickback laws contain an exception for remuneration paid to bona fide employees.[3]  However, the former auditor of Lee Health purports that the salaries paid by Lee Health should not be afforded such protection. 

Although the case was filed in 2017, the clerk recently unsealed the case, making it public in September 2018.[4] Since then, Lee Health’s attempts to re-seal exhibits revealing physician compensation have been denied.

The claims about the alleged salaries describe an environment where certain physicians who had a sizable impact on business generation were paid significantly more than other physicians. The lawsuit alleges that from 2005 through 2014, these physicians were financially incentivized to generate business through referrals by receiving compensation well above fair market value for their professional medical services. The suit also describe practices whereby services performed by nurses and other non-physician providers were billed as though they were performed by the physicians themselves to generate higher reimbursement rates.

It’s worth noting that this lawsuit comes after Lee Memorial Hospital, one of Lee Health’s hospitals, settled a False Claims Act case for about $160,000 with the Department of Justice in 2012 relating to allegations of over-charging Medicare from 2000 to 2008.[5]

This lawsuit is a reminder that caution must be paid not only to the structure of an arrangement, but also to the execution of an arrangement involving compensating providers and billing for health care services. Although the anti-kickback safe harbors and exceptions illustrate situations where risk of health care fraud and abuse may be mitigated, it does not guarantee protection from potential enforcement actions.

Physician compensation should be consistent with fair market value, commercially reasonable, and compensation should not be based on the business generated by the provider for additional protection from risk of litigation or government enforcement actions.  The Stark law defines “fair market value” for us at 42 C.F.R. 411.351[6] as:

[T]he value in arm’s-length transactions, consistent with the general market value.  “General market value” means the price that an asset would bring as the result of bona fide bargaining between well-informed buyers and sellers who are not otherwise in a position to generate business for the other party, or the compensation that would be included in a service agreement as the result of bona fide bargaining between well-informed parties to the agreement who are not otherwise in a position to generate business for the other party, on the date of acquisition of the asset or at the time of the service agreement. Usually, the fair market price is the price at which bona fide sales have been consummated for assets of like type, quality, and quantity in a particular market at the time of acquisition, or the compensation that has been included in bona fide service agreements with comparable terms at the time of the agreement, where the price or compensation has not been determined in any manner that takes into account the volume or value of anticipated or actual referrals.

When determining appropriate compensation for physicians or other professionals, providers should take comparable compensation for similar services into consideration at the time of preparation of the employment agreement, and the compensation should not differ based upon the physicians’ potential or actual business generated for the provider, as reflected in the definition of “fair market value.”  Finally, all compliance efforts should be documented and readily available in case questions arise in the future. 

Submitted by:            Jocelyn E. Ezratty, Esq., Brach Eichler, LLC

LEGISLATIVE UPDATES

Audited Financials No Longer Needed in General Hospital

Certificate of Need Applications

On May 8, 2018, Administrative Law Judge (“ALJ”) David Watkins issued a final order in Venice HMA Hospital, LLC d/b/a Venice Regional Bayfront Health v. Agency for Health Care Administration, invalidating Rule 59C-1.008(4), Florida Administrative Code, to the extent that the Rule required Certificate of Need (“CON”) applicants for general hospitals to submit audited financial statements with their CON applications.[7] ALJ Watkins concluded that Rule 59C-1.008(4), Florida Administrative Code, was an invalid exercise of delegated authority, as applied to CON applicants for general hospitals because:

General hospitals are not required to submit proof of financial ability to operate at the time of the submission of the CON application. In accordance with rule 59C-1.010(2)(d), general hospitals are required to comply with the requirements of sections 408.035(2) and 408.037(2). Neither of those statutes requires that a general hospital applicant submit proof of financial ability to operate until 120 days after the issuance of the final CON to the applicant.[8]

This holding is particularly important because the controversy arose from an administrative proceeding where a general hospital application was being reviewed.[9]   The CON applicant, Venice Regional Medical Center, argued that it was irrelevant that it had failed to include audited financial statements with its CON application, since financial feasibility was no longer an applicable criterion. The applicant further argued that regardless of its failure to include the audited financial statements, its CON application should be deemed complete.  As noted above, ALJ Watkins agreed with the applicant’s reasoning on this point. The holding in Venice HMA Hospital underscores that a CON applicant for a general hospital is no longer required to support or defend its project’s short-term or long-term financial viability during the application review process.

Submitted by:            Angelina Gonzalez, Esq., Associate, Panza, Maurer & Maynard, P.A.

CMS Final Rule Expands Medicare’s Reimbursement for Physician Services

Furnished Using Communication Technology

On November 1, 2018, the Centers for Medicare and Medicaid Services (“CMS”) finalized proposals to separately pay for a newly defined physician’s service furnished using communication technology:  the “virtual check-in” (the “Final Rule”).^[10] The Final Rule permits physicians and certain qualified practitioners (defined below) to be reimbursed for providing communication technology-based services to established patients beginning on January 1, 2019.  The Final Rule promotes Medicare beneficiaries’ access to these telehealth services by removing certain restrictions traditionally placed on delivery of telehealth services and creating various payment codes for telehealth and telehealth-like services.

^[11]

1. CMS Pays for the Newly Defined “Virtual Check-In”

Beginning January 1, 2019, reimbursement will be available to physicians or those who can report evaluation and management (“E/M”) services in accordance with applicable state law and CMS billing and coding standards (“qualified practitioners”) for a brief, non-face-to-face check-in with established patients to assess whether the established patient’s condition requires an office visit. The brief communication technology-based service is billable under HCPCS code G2012. The established patient must not have had a related E/M service provided within the previous seven days, and the payable services must also not lead to an E/M service or procedure within the next 24 hours.^[12] If the review of the patient-submitted image/video leads to an E/M service within the next 24 hours, then the event is considered bundled into the pre- or post- visit time of the associated E/M service, and will not be separately billable.

Notably, CMS will allow both audio-only real-time telephone interactions in addition to synchronous, two-way audio interactions that are enhanced with video or other kids of data transmission. So long as the brief communication service meets the aforementioned requirements, there is no frequency limitation as to the number of such services providers may submit in Fiscal Year 2019.

Despite the request from commenters, CMS declined to expand services beyond the scope of qualified billing professionals to established patients. For example, CMS responded to a request from a commenter requesting that telemedicine services provided by physical therapists be payable. CMS noted in a response that the Agency agrees that similar check-ins provided by clinical staff can be “important aspects of coordinated care,” but noted that such clinical staff services are included in the RVUs for other codes, including those that describe E/M visits, part of several care management services, and procedures with global periods.

1. CMS Expands Access to Telehealth Services for Medicare Beneficiaries

The Final Rule is a departure from Medicare’s typical restrictions on telehealth services, including (1) restrictions on applicable “originating sites” (i.e., where the patient is located)[13] and (2) limits on appropriate telehealth “modalities” (means of delivering the telehealth service).

1. Removing Originating Site Restrictions for Services Delivered Via Telehealth

Effective January 1, 2019, CMS plans to add the following locations to its list of originating sites: Medicare beneficiary homes for those receiving home dialysis for end-stage renal disease (“ESRD”), renal dialysis facilities, and mobile stroke units (ambulances equipped to handle acute stroke). This change allows health care providers to implement telehealth services in locations that had not been previously covered under Medicare,^[14] giving providers the opportunity to both provide care to a wider range of patients and provide patients with greater access to the treatment they need.

Similarly, under this Final Rule, health care providers may deliver (and be reimbursed for) services delivered via telehealth to patients with substance use disorders for treating substance use and co-occurring mental health disorders beginning on January 1, 2019.[15]

These changes are significant for many stakeholders. Health care providers will soon be paid for delivering a service via telehealth to patients in their home regardless of where that patient’s home is located.  Providers will receive this reimbursement at the same rate as if the service were to be furnished in person. Medicare beneficiaries also benefit in that those with substance use disorders may now access care simply by setting up a telehealth appointment delivered to their home.

1. Providing Reimbursement for Various Additional Telehealth Services

Telehealth has traditionally been described as having three “modalities” by which the telehealth service is delivered to patients: via (a) two-way, interactive audio-video (“synchronous” telehealth); (b) store-and-forward technology;^[16] and (c) remote patient monitoring (“RPM”). Medicare previously has reimbursed solely for telehealth services transmitted using an “interactive 2-way telecommunications system (with real-time audio and video).”  The Final Rule provides for expanded access to all three modalities.

In addition to providing reimbursement for synchronous “virtual check-ins,” CMS announced that it is finalizing the addition of prolonged preventive services (HCPCS code G0513 and G0514) to Medicare’s reimbursement for telehealth services list. Met with unanimous support from commenters, these codes signify time spent by health care providers “beyond the typical service time of the primary procedure.” These wellness visits must be furnished via telehealth “in the office or other outpatient setting requiring direct patient contact beyond the usual service.” G0513 establishes payment for the first 30 minutes of this preventative care service, while G0514 pays for each additional 30 minutes.

The Final Rule also establishes payment for the “Remote Evaluation of Pre-Recorded Patient Information,” a “store-and-forward”-like service that CMS states is not subject to traditional Medicare telehealth service restrictions because this evaluation is not a substitute for an in-person service currently separately payable under the Physician Fee Schedule. This service intends to determine whether follow up office visits or other services would be necessary. Although CMS considered implementing this code both for new and established patients, the Final Rule only permits payment for HCPCS code G2010 for established patients (those who have had a prior in person or telerehab past visit with the qualified provider). Health care providers must also ensure that they provide a timely diagnosis within 24 business hours in order to be eligible for payment under this code. Providers will be happy to know that a diagnosis can be delivered by e-mail, phone call, virtual visit, text message, or through the patient portal. However, like the virtual check-ins, in order for these services to be payable, they must be stand-alone services separately billed to the extent that there is no resulting E/M office visit and there is no related E/M office visit within the previous seven days of the remote service being furnished.

Further recognizing the importance of touch points for patients with chronic conditions, the Final Rule creates three CPT codes for remote patient monitoring telehealth-like services, entitled “Chronic Care Remote Physiologic Monitoring” (CPT Codes 99453, 99454, and 99457). Since these services are “inherently non-face-to-face” (and thus, they do not have an in-person counterpart), CMS determined that RPM services are not considered a Medicare telehealth service and therefore are not restricted under Medicare’s narrow coverage of telehealth services.^[17]  CMS did not offer any guidance as to what specific technology qualifies under these codes; however, it does plan to issue guidance in the future “to help inform practitioners and stakeholders on these issues.”^[18]  Notably, CPT code 99457 permits remote patient monitoring services to be delivered by physicians, qualified healthcare professionals, or clinical staff, including registered nurses and medical assistants (depending on state licensing scope).

• The Final Rule’s Impact on Providers

The Final Rule demonstrates CMS’ commitment to enhancing patient access, including the use of technology-based platforms. The use of communication technology-based services will provide new options for physicians to treat patients. These services could help to avoid unnecessary office visits, could consist of services that are already occurring but are not being separately paid, or could constitute new services.  The move is anticipated to reduce the costs of healthcare and benefit vulnerable patient populations.

CMS noted that providers generally support expansions to Medicare telehealth. Several commenters requested the addition of services to the list of Medicare telehealth services in specialized areas, including physical therapy telerehab services. CMS continues to evaluate the cost effectiveness of expansion of such services and will add services to the list of Medicare Telehealth services as described in the CY 2003 PFS final rule (67 FR 799888).

Submitted by:            Kathleen Premo, Esq., Elizabeth Scarola, Esq., and Matthew Sprankle, Esq., Epstein Becker Green, PC

PRIVACY & SECURITY UPDATES

Rethinking HIPAA with Regards to Smart Watches and Wearables

The newest updates to the Apple Watch Series 4 create more questions surrounding the applicability of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) to smart watches and other wearable devices.^[19]  The Apple Watch Series 4 launched on September 12, 2018 and now features electrocardiogram (“ECG”) capability.^[20]  Users can run their own ECG and see real-time results on their devices, and includes the ability to forward those results on to their doctors for diagnostic purposes.^[21]  The Series 4 device also includes upgrades to the heart rate monitor to give it the capability to detect irregular heartbeats such as atrial fibrillation (“AFib”).^[22]

There is a growing trend among consumers to want to be more hands-on with their health data, so current and potential users of the Apple Watch are unsurprisingly excited about the new features.^[23] However, these new features raise questions among health care lawyers, as well as the application (or “app”) developers, as to whether these devices and the user data contained on the devices should be regulated by HIPAA.^[24]  HIPAA is designed to regulate and secure protected health information (“PHI”).^[25] HIPAA protection currently applies to “covered entities,” defined as health plans, health care clearinghouses, and most health care providers, as well as their business associates.^[26]  HIPAA does not regulate data that is produced by and under the control of the consumer.^[27]  This distinction further blurs the line of HIPAA applicability for smart watches and wearables when app developers are included.

When the smart watch data is created by and in the possession of the consumer, HIPAA protection is not applicable to that data.^[28]  However, once an Apple Watch user sends the data, such as ECG results, AFib notifications, heart rate monitoring data, or other personal health data to their doctor, the data becomes PHI subject to HIPAA.^[29] As health data becomes more important to everyday consumers and technology continues to evolve with the health care industry, more health plans and providers are utilizing apps to help better serve their members.  For example, the Mayo Clinic has a “Mayo Clinic App” that allows members to sync their Apple Health app with the Mayo Clinic app and access the Mayo Clinic app on their Apple Watches.^[30]  App developers have to keep HIPAA regulations in mind depending on for whom they are developing their apps.^[31] Developers who are “creating, receiving, maintaining, or transmitting PHI on behalf of a covered entity or another business associate” are regulated by HIPAA.^[32] If a health plan or health provider asks a developer to create an app whereby users can upload their Apple Watch data and send it directly to their doctors, the app would need to be HIPAA compliant.^[33] However, if the users are uploading their personal data and they are the only ones who can access the data, HIPAA is not applicable.^[34]

Most consumers probably do not think about HIPAA implications on a day-to-day basis, if at all. In addition to the security and privacy concerns related to having more devices on a network, many consumers are likely not considering the risk of whether their data is protected by HIPAA when they log it into an app or use their wearable devices.^[35] In looking toward the future, it may mean changes to HIPAA to further include the new smart watch and wearables market within the reach of HIPAA so that consumers are better protected with the advancements of portable health technology.

Submitted by:            Kelli Keeler, Esq., Staff Counsel, Availity, LLC

TRANSACTIONS UPDATES

Making Strides in EHR Interoperability

CommonWell Health Alliance (“CommonWell”), a not-for-profit trade association dedicated to achieving cross-vendor electronic health record (“EHR”) interoperability, announced in November that a connection to the Carequality framework, a provider network of more than half of all providers nationwide, is now generally available to all CommonWell members. This initiative is part of an effort to improve EHR interoperability nationwide to allow providers to access health data regardless of where care was rendered and what vendor the provider uses for its EHR solution.  CommonWell works with healthcare providers and EHR vendor members to implement a vendor-neutral platform that breaks down the technological and process barriers that currently inhibit effective health data exchange. Carequality is designed to allow providers, hospitals, and health systems using CommonWell member companies’ EHR solutions to exchange patient data across EHR platforms. 

Change Healthcare built the infrastructure for the Carequality platform, and EHR vendors Cerner and Greenway Health used it to roll out a connectivity pilot this past summer.  Through Carequality, Cerner and Greenway Health customers have been exchanging data with other Carequality-enabled providers. Since the summer, Carequality-enabled providers across the country have exchanged more than 200,000 documents.

This improved interoperability has significant benefits to participating providers, hospitals, and patients. Through this connection, physician practices can directly access patient records from tertiary care centers. If a patient is hospitalized or sees another provider, the patient’s information can be shared seamlessly even if the providers or facilities are on different EHR platforms.  Improved interoperability increases efficiency in healthcare practices and improves quality of care and patient experience. Patients with chronic illnesses or conditions have an increased likelihood of seeing multiple providers on an ongoing basis, and their outcomes can be improved tremendously by sharing of health data and follow-up. Continuity of care is paramount in ensuring patient compliance with physician recommendations, and the ability for physicians to access patient data greatly assists in promoting continuity of care.

Submitted by:            Erica Mallon, Esq., Corporate Counsel, Greenway Health

A Recap of 2018 Transactions

The latter half of 2018 was bustling with large scale mergers, acquisitions and partnerships in Florida.  Here are a few highlights.

Orlando Health – South Lake Hospital (Orlando, Florida): On December 3, 2018, Orlando Health announced that it is taking full control of South Lake Hospital (170 beds) in Clermont (Orlando, Florida) after over 20+ years of a joint partnership.  As part of the deal, Orlando Health will: (1) invest $128M in a new foundation that will enrich healthcare service offerings in the region  service offering; and (2) commit to $99M for capital improvements in Southern Lake County.[36]

Cleveland Clinic – Martin Memorial System – Indian River Medial Center (Treasure Coast): Cleveland Clinic signed formal agreements in early October to take over Martin Health System (Stuart, Florida) and Indian River Medical Center (Vero Beach, Florida). The transaction still needs regulatory approval, but the acquisition is significant and a strong move for market share in South Florida. If both acquisitions are approved, Cleveland Clinic Florida will restructure  leadership.  Cleveland Clinic’s new Florida region will include both the new hospital members plus Cleveland Clinical Florida Medical Center in Weston, Coral Springs Family Health Center and facilities in Palm Beach Gardens, Parkland, West Palm Beach, and Wellington.[37]

HCA Merges 2 Tampa Hospitals (Tampa): HCA Healthcare merged Tampa Community Hospital (201 beds) with Memorial Hospital of Tampa (183 beds). Tampa Community Hospital will now be a campus of Memorial Hospital of Tampa and the following services will be offered at Tampa Community Hospital: full service emergency room, inpatient acute medical services for behavioral health patients, inpatient and outpatient behavioral health services, and inpatient substance abuse treatment services.[38]

Boca Raton Regional Hospital – Baptist Health South Florida (Palm Beach County): In July of 2018, Boca Raton Regional Hospital announced that its Board of Trustees has selected Baptist Health South Florida as its recommendation for further strategic partnership discussions, beating out Cleveland Clinic. On November 27, 2018, South Florida Business Journal reported that Boca Raton Regional Hospital “nears deal” with Baptist Health.[39]

Submitted by:            Anushree Nakkana, Esq., Managing Partner, ASN Law Firm

^[1]  Lee Health, http://www.leehealth.org/about/index.asp.

^[2] Frank Gluck, Lee Health faced with federal whistleblower lawsuit for alleged Medicare fraud, News-Press.com (Dec. 10, 2018), https://www.news-press.com/story/news/2018/12/10/lee-health-facing-whistleblower-lawsuit-alleged-medicare-fraud/2230002002/.

^[3]  42 C.F.R. § 1001.952(i).

^[4] U.S. ex rel. D’Anna v. Lee Mem’l Health Sys., No. 2:14-cv-437-FtM-38CM, (M.D. Fla., Sep. 19, 2018), available at https://ecf.flmd.uscourts.gov/cgi-bin/show_public_doc?2014-00437-71-2-cv. 

^[5] Press Release, U.S. Dep’t of Justice, Fourteen Hospitals to Pay U.S. More Than $12 Million to Resolve False Claims Act Allegations Related to Kyphoplasty (Feb. 7, 2012), available at https://www.justice.gov/opa/pr/fourteen-hospitals-pay-us-more-12-million-resolve-false-claims-act-allegations-related.

^[6] 42 C.F.R. § 411.351.

^[7]  No. 17-3108RX at *31 (Fla. Div. of Admin. Hearings May 8, 2018) (Final Order).

^[8]  Id. at *18.

^[9] Bayfront Health Port Charlotte v. Sarasota County Public Hospital District, No. 17-0510CON (Fla. Div. of Admin. Hearings May 8, 2018) (Recommended Order), (Agency for Health Care Admin. July 9, 2018) (Final Order).

^[10] Medicare Program; Revisions to Payment Policies Under the Physician Fee Schedule and Other Revisions to Part B for CY2019, Part I, 83 Fed. Reg. 59,452 (Nov. 23, 2018) (to be codified at 42 C.F.R. Parts 405, 410, 411, 414, 415, 425, 495).

^[11]  Id. at Part II.

^[12]  “Established Patients” are those who have received professional services from the physician or qualified health care professional or another physician or qualified health care professional of the exact same specialty and subspecialty who belongs to the same group practice, within the past three (3) years.

^[13]  Medicare has restricted coverage of telehealth services to beneficiaries who reside within certain geographic rural areas and who seek such services at specific “originating sites” (patient beneficiary’s home is not included in the current Medicare definition for “originating site”).  See Amy Lerman, OIG Updates FY 2017 Work Plan to Include Review of Medicare Claims for Telehealth Services Provided to Rural Beneficiaries: Will Substantive Change to Medicare Reimbursement for Telehealth Follow?, Epstein Becker Green (July 26, 2017), https://www.techhealthperspectives.com/2017/07/26/oig-updates-fy-2017-work-plan-to-include-review-of-medicare -claims-for-telehealth-services-provided-to-rural-beneficiaries-will-substantive-change-to-medicare-reimbursement-for-telehealth-follow/.

^[14]  By making this statement regarding the addition of the above-originating sites, CMS is planning to implement the requirements of the Bipartisan Budget Act of 2018.

^[15]  You may read more about this change in a recent post covering the SUPPORT for Patients and Communities Act sought to address originating site restrictions by granting Medicare coverage of telehealth services to eligible beneficiaries in their home.  Charles C. Dunham, IV. & Matthew Sprankle, The SUPPORT for Patients and Communities Act: Expanding Medicare Coverage of Telehealth Services to Combat the Opioid Crisis, Epstein Becker Green (Nov. 5, 2018), https://www.techhealthperspectives.com/2018/11/05/the-support-for-patients-and-communities-act-expanding-medicare-coverage-of-telehealth-services-to-combat-the-opioid-crisis/.

^[16]  Section 1834m of the Social Security Act defines store-and-forward technologies as “asynchronous transmission of health care information.”

^[17]  CPT Code 99453 describes remote monitoring of physiologic parameters related to initial set-up and patient education regarding use of equipment. CPT Code 99454 also involves remote monitoring of physiological parameters, but related to the remote device(s)’s “supply with daily recording(s) or programmed alert(s) transmission.” CPT Code 99457 permits billing for “[r]emote physiologic monitoring treatment management services, 20 minutes or more of clinical staff/physician/other qualified healthcare professional time in a calendar month requiring interactive communication with the patient/caregiver during the month.” This new code will be much easier to track since payment is based on the time spent per calendar month (rather than the per 30-day intervals of its prior iteration), which will better align with claims submission and recordkeeping practices.

[18] 83 Fed. Reg. at 59,575.

^[19]  Elizabeth Litten, New Apple Watch May Mark Time to Rethink HIPAA, Fox Rothschild LLP (Nov. 13, 2018), https://hipaahealthlaw.foxrothschild.com/2018/11/articles/hit-health-information-technol/new-apple-watch-may-mark-time-rethink-hipaa/.

^[20]  Matt Burns, Apple Watch Series 5 Can Detect AFib and Perform An ECG, TechCrunch (Sept. 2018), https://techcrunch.com/2018/09/12/apple-watch-series-4-can-detect-afib-and-perform-an-ecg/. See also David Phelan, Apple Watch Series 4: When Will the Brilliant ECG Feature Arrive in the States and Worldwide?, Forbes (Sept. 27, 2018, 5:31 PM), https://www.forbes.com/sites/davidphelan/2018/09/27/apple-watch-series-4-when-will-the-ecg-feature-arrive-in-the-states-and-worldwide/#19ac03a63a09.

^[21] Hayley Tsukayama, What Cardiologists Think About the Apple Watch’s Heart-Tracking Feature, Wash. Post (Sept. 14, 2018), https://www.washingtonpost.com/technology/2018/09/14/what-cardiologists-think-about-apple-watchs-heart-tracking-feature/?noredirect=on&utm_term=.693cdd73ab20.

^[22]  Burns, supra note 20.

^[23]  Tsukayama, supra note 21.

^[24]  Litten, supra note 19.

^[25] Paul A. Drey & Sarah Wendler, Peeling Back the Apple Watch: Do HIPAA and the Apple Watch Go Together?, A.B.A. (Sept. 27, 2018), https://www.americanbar.org/groups/health_law/publications/aba_health_ esource/2015-2016/september/applewatch/.

^[26] 45 C.F.R. § 160.103.

^[27] Drey & Wendler, supra note 25.

^[28] Id.

^[29] Id.

^[30] Mayo Mobile Patient App, Mayo Clinic (Oct. 31, 2014), https://alumniassociation.mayo.edu/mayo-patient-app-free-download/; Brian Kilen, Mayo Clinic Announces Apple Watch App for Patients and Physicians, Mayo Clinic (Apr. 24, 2015), https://newsnetwork.mayoclinic.org/discussion/mayo-clinic-announces-apple-watch-app-for-patients-and-physicians/.

^[31] Supra note 26.

^[32] Id.

^[33] Fred Donovan, How Does HIPAA Apply to Wearable Health Technology?, Health IT Security (July 24, 2018), https://healthitsecurity.com/news/how-does-hipaa-apply-to-wearable-health-technology.

^[34] See supra note 25; Elizabeth Snell, How Do HIPAA Regulations Apply to Wearable Devices?, Health IT Security (Mar. 23, 2017), https://healthitsecurity.com/news/how-do-hipaa-regulations-apply-to-wearable-devices.

^[35]  Litten, supra note 19.

^[36]  Naseem S. Miller, Orlando Health to take full control of South Lake Hospital, Orlando Sentinel, Dec. 3, 2018, http://www.orlandosentinel.com/health/os-ne-orlando-health-south-lake-integration-20181203-story.html; Alia Paavola, Orlando Health takes over 170-bed Florida hospital, Becker’s Hospital Review, Dec. 4, 2018, https://www.beckershospitalreview.com/hospital-transactions-and-valuation/orlando-health-takes-over-170-bed-florida-hospital.html.  

^[37] Emily Rappleye, Cleveland Clinic to restructure leadership in Florida, Becker’s Hospital Review, Nov. 28, 2018, https://www.beckershospitalreview.com/hospital-executive-moves/cleveland-clinic-to-restructure-leadership-in-florida.html.  

^[38]  Veronica Brezina-Smith, Memorial Hospital of Tampa completes merger with Tampa Community Hospital, Tampa Bay Business Journal, Nov. 5, 2018, https://www.bizjournals.com/tampabay/news/2018/11/05/memorial-hospital-of-tampa-completes-merger-with.html.

^[39]  Brian Bandell, Boca Raton Regional Hospital nears deal with Baptist Health as losses narrow, South Florida Business Journal, Nov. 27, 2018, https://www.bizjournals.com/southflorida/news/2018/11/27/boca-regional-hospital-nears-deal-with-baptist.html.