On October 24, 2018, Congress enacted a new anti-kickback law that applies to many commercial health insurance plans, as well as Medicare and Medicaid.  The law, known as the “Eliminating Kickbacks in Recovery Act of 2018” (the “Law”), was passed as part of the SUPPORT for Patients and Communities Act, which generally targets the national opioid crisis.

PillsMoneyThe Law makes it a criminal offense to do any of the following:

  1. Solicit or receive any remuneration (including any kickback, bribe or rebate), directly or indirectly, in return for referring a patient or patronage to a recovery home, clinical treatment facility or clinical laboratory; or
  2. Offer or pay a kickback to “induce” a referral of an individual to a recovery home, clinical treatment facility or clinical laboratory, or in exchange for an individual using the services of a recovery home, clinical treatment facility or clinical laboratory.

A “Clinical treatment facility” is broadly defined under the Law as essentially any non-hospital licensed facility that provides treatment for substance use.  Penalties for each violation can include a fine of up to $200,000 and imprisonment of up to 10 years.

The Law has seven “safe harbors”, some of which are similar to the safe harbors under the federal Anti-Kickback Statute that is generally applicable to Medicare and Medicaid services.  However, in contrast to the Anti-Kickback Statute, the safe harbor for employees and independent contractors under the Law expressly excludes from safe harbor protection any payment made to an employee or independent contractor that is determined or varies by:  (1) the number of individuals referred to one of the above facilities; (2) the number of tests or procedures performed; or (3) the amount billed to or received from the individual’s health insurance plan.

Although the Anti-Kickback Statute prohibits conduct similar to that prohibited by the Law in the context of Medicare and Medicaid, the Law casts a wider net in the context of referrals to recovery homes, clinical treatment facilities and clinical laboratories, as it applies to many commercial insurance plans.

It remains to be seen whether and how this Law may be narrowed down in application.  The U.S. Attorney General has the authority to issue additional safe harbor regulations under the Law, which could be used to clarify existing safe harbors.  The Law may also be amended by Congress in the future.

In addition to having a significant impact on the clinical laboratory industry, the Law could affect physicians employed or engaged by recovery homes or clinical treatment facilities, or participating in an arrangement directly or indirectly involving referrals to such homes or facilities.

The full text of the Law may be accessed at this link:  Eliminating Kickbacks in Recovery Act of 2018.

If you have any questions about how the Law may apply to your practice, please consult with experienced legal counsel.

The transportation landscape in America has evolved and these developments are now impacting health care. With about 75 percent of the U.S. population living in a county with access to an on-demand ride-hailing service, many patients are turning to ride-share services, like Uber and Lyft, as a means to obtain their medical care.

The idea of partnering ride-sharing and health care is not new. Over the past few years, ride-sharing companies have been edging their way into the health care realm. Both Uber and Lyft have been testing pilot programs involving nonemergency medical transportation (NEMT) and other non-traditional health care transportation models with major providers, institutions, insurers, and transportation brokers nationwide. Until recently, most of these programs have been limited in scope to specific health care facilities, by service (e.g., concierge services that ferry flu shots to people, or enabling users to request a doctor to provide on-demand diabetes and thyroid tests) and by patient population (e.g., Medicare Advantage, Medicaid, and limited commercial payors).

Recognizing the need for accessible and cost-efficient health care transportation is not unique to Uber and Lyft. A number of revolutionary NEMT companies have emerged in various markets to supplement traditional health care transportation options and the “Big Two” ride-share companies have partnered with many of these outside vendors to enhance an established and (presumably) compliant service offering in specific markets. Certain NEMT companies, like Veyo, American Medical Response, and Circulation, have made their own name in the NEMT space. Interestingly, both Uber (in 2016) and Lyft (in 2017) announced partnerships with Circulation, utilizing Circulation’s customizable NEMT platform to integrate with each ride-sharing companies’ application program interfaces (API) and connecting with the interfaces of the health care systems’ they service.

With these numerous initiatives, it was unsurprising this year when the Big Two made their entrance into the entire health care market official. By expanding beyond outsourced NEMT ridesharing services to predetermined health care facilities, both Uber and Lyft have launched their own platforms to allow all health care providers to schedule rides for their patients.

In March, Uber introduced and launched “Uber Health,” a distinct application from the traditional Uber app, which provides a digital portal allowing health care organizations to book rides for a patient or caregiver who need help getting to and from medical appointments. Through Uber Health, unlike traditional NEMT services (where government and certain commercial payors may reimburse the transportation company for the rides), Uber bills the health care providers who sign up for Uber health monthly based on the cost of their patients’ rides, which are on par with standard Uber rates at the time of the ride booking.

On the other hand, in 2016 Lyft first introduced a service called “Concierge,” which similarly allows health care providers to set up rides for patients to get to appointments; however, also in March of this year, Allscripts and Lyft announced their partnership to incorporate the Concierge patient transportation interface directly into Allscripts Sunrise EHR so that when a patient’s transportation needs are noted in his or her medical record, a Lyft is automatically scheduled for that patient. Similar to Uber Health, under Lyft’s Concierge service, the providers pay for the rides.

This shift in health care transportation was inevitable and providers are now able to leverage the convenience of these ubiquitous apps to ensure better experience and care for their patients; however, caution should be taken to ensure that these patient rideshares are done in a legally compliant way.

Primarily, these ride-share services raise concerns under fraud and abuse regulations. Because health care providers coordinate patient transportation through the applications, providers need to be careful about offering free or discounted rides to patients which could trigger the federal anti-kickback law. Providers who treat state and federal program beneficiaries will need to ensure that the method of delivery adheres (or as closely as possible) to the Office of Inspector General’s (OIG) safe harbor regulations applicable to free or discounted local transportation. As outlined in a prior post on this Blog, in 2016 the OIG announced a safe harbor that protects a health care provider or other eligible entity (i.e., any individual or entity, except those who primarily supply health care items) from Anti-Kickback Statute (AKS) and Civil Monetary Penalty (CMP) penalties if it provides free or discounted local transportation to Medicare patients and other federal health care program beneficiaries, so long as all of a number of conditions are met. These conditions require, among other things, that there be a written policy in place which restricts how transportation services are used and advertised, and that the transportation be available only to “established patients.” Therefore, if a health care provider attempts to advertise the availability of free rides as an inducement to grow its patient base, it could quickly find themselves paying fines, including treble damages.

Additionally, many states have their own kickback prohibitions, potentially placing limitations or restrictions on the utilization of ride-share platforms for professional services. If no government beneficiaries are seen by a provider, the provider can ultimately decide whether to pay for the service or pass some or all of the cost on to their patients. Therefore, a state-by-state analysis should be performed to assess appropriate practices prior to offering ride-share services to patients. These payment and kickback concerns will continue to develop as private insurers assess reimbursement eligibility for ride share services.

One population that has been left out of the trend to partner ride-sharing with providers are those in wheelchairs or who need transportation accommodations due to a disability. Uber, was recently sued by a San Francisco-based advocacy group for not providing wheelchair-accessible transportation, and the company is now piloting such vehicles in several cities. To the extent a health care practice is “participating” in a ride-share platform, any acts of non-compliance by the ride-share company, depending on the terms of the arrangement (or lack thereof), could potentially flow to the provider, as the ride-share companies, acknowledging their status as Business Associates, are ultimately performing the services on behalf of the provider.

This Business Associate recognition prompts the overarching patient privacy concerns inherent in the ride-sharing services. Since ride-sharing companies (and their drivers) will have access to individually identifiable and/or protected health information, providers must have appropriate Business Associate Agreements (BAAs) in place to comply with the Health Insurance Portability and Accountability Act (HIPAA). Both Uber and Lyft have touted their proactive and preemptive compliance with HIPAA and publicized engagements of third-party HIPAA compliance companies to ensure development, implementation, and customization of the necessary safeguards for data security in the distinct APIs for their new platforms.

Uber asserts that Uber Health drivers won’t know which of their passengers are using Uber Health. Like a typical Uber ride, only a passenger’s name, pickup and drop-off addresses will be given to the Uber Health driver and Uber drivers are not able to opt into or out of the health service the same way that they can with Uber Eats, an affiliated food delivery service. Therefore, on a trip to a hospital or medical practice, a driver won’t know whether a rider is traveling to the health care facility using the traditional Uber app—to commute to work, for example—or is meeting a doctor through the health care platform.

The logic (or belief) is that although the ride-share companies are Business Associates, the companies’ drivers are not given any medical information and are not even informed that a ride is under the health care platform; therefore, the drivers are not Business Associates (or “subcontractors” under HIPAA). This concept has seemingly satisfied the outsourced risk and compliance assessments; however, the government has yet to opine as to whether individually identifiable health information (not just “medical information”) is truly kept private under HIPAA’s somewhat ambiguous standard of requiring only a “reasonable basis to believe the information can be used to identify the individual.”[42 CFR 160.103 (Individually identifiable health information)]

Additionally, to address obligations under the Health Information Technology for Economic and Clinical Health (HITECH) Act, Uber is storing data from Uber Health in separate servers, meaning that only select Uber employees and the health care providers have access to patient data. Furthermore, Uber is housing everything itself and is not sharing Uber Health data with anyone downstream in its supply chain, thereby eliminating obligations to manage the transfer of data or implementing third-party vendor risk management programs. Accordingly, a breach in Uber’s servers presumably should not compromise Uber Health’s data.

Despite these safeguards and demonstrated HIPAA-compliance, risks still remain (e.g., potential data breaches). Not that long ago, Uber was hit by a cyberattack exposing the personal information of 57 million riders and drivers, and the company’s delayed public notification of the incident was disconcerting to many. Providers, as Covered Entities, participating in these ride-share platforms risk potential imposition of stiff penalties for data breaches, increasing the importance of entering into a well-drafted BAA with the ride-share company.

Uber has stated they are “pleased to sign BAAs with all participating healthcare organizations” and the Uber Health’s Dashboard Terms and Conditions provide that the “Terms shall automatically terminate upon the termination of the Business Associate Agreement that the parties separately entered into…” This acknowledgement is the first step, but it is unclear as to whether Uber has their own form BAA or will accept a provider’s form/terms for each individual relationship.

The incorporation of ride-sharing transportation into the delivery of health care services can provide benefits to both providers and their patients; however, the array of health care regulatory issues should be evaluated and assessed before signing up for such programs. If you or your practice have any questions or are interested in offering a patient ride-share program, please contact Michael Bassett at mbassett@foxrothschild.com or 215.444.7191, or any member of Fox Rothschild’s Health Law Group.

 

CMS recently issued an Advisory Opinion suggesting that physicians who refer diagnostic tests reimbursable under Medicare to a laboratory may, under certain circumstances, receive electronic pop-up notifications in the laboratory’s web-based portal alerting the physicians to various potential issues related to the test results.  In the Advisory Opinion, CMS considered certain alerts which a laboratory proposed to provide to its referring physicians without charge via the laboratory’s web-based portal.  The entire Advisory Opinion can be read here.

In short, CMS concluded that the alerts proposed by the laboratory, which would be limited to issues relating to the test results, would not constitute illegal remuneration under the federal Stark law, as long as (1) the alerts are provided solely in connection with the ordering or communication of diagnostic test results from the laboratory, and (2) appropriate safeguards are in place to avoid overutilization or medically unnecessary testing.

Some of the key safeguards that CMS found persuasive included the following:

  • Alerts recommending additional testing would be based on industry-standard, peer-reviewed guidelines;
  • The alerts would not be “overly intrusive” and would not override the physician’s independent medical judgment;
  • Where multiple additional tests would be recommended in an alert, there would be no “select all” button for the physician to click to order all of the tests together;
  • The physician could turn off the alerts for a particular disease condition; and
  • The physician could obtain the information provided in the alerts free of charge from other sources.

An advisory opinion from CMS is a rare occurrence, in comparison to advisory opinions issued by the Office of Inspector General regarding the federal Anti-Kickback Statute, which occur a number of times each year.  This is the first and only advisory opinion issued by CMS in 2017.  To that end, CMS likely considers this Opinion to be useful guidance to physicians and providers regarding their use of online web portals to order diagnostic tests.

If you or your practice has any questions regarding alerts or other benefits you may receive via a laboratory’s online web portal, please consult experienced legal counsel.

Gov. Christie’s Administration recently proposed a regulation to curtail the prescription of unnecessary opioid painkillers.  Christie, who serves as the Chairman of President Trump’s Commission on Combating Drug Addiction and the Opioid Crisis, expressed concern that treatment decisions of all prescribers (including physicians, dentists and advanced practice nurses) are being improperly influenced by pharmaceutical companies.  According to Christie’s press release, four out of every five new heroin users began by misusing prescription painkillers, and, in 2016, $69 million was paid to physicians in New Jersey by drug companies and device manufacturers, two-thirds of which went to just 300 physicians.

The New Jersey regulation would take big steps toward restricting what prescribers may receive from pharmaceutical companies, including limiting the value and frequency of meals that may be provided in educational settings, and prohibiting the giving of a variety of items to prescribers, except in limited circumstances (such as for educational materials, for presenting at continuing education events and for bona fide consulting arrangements).  Annual payments for bona fide services would be limited to $10,000.

The proposed regulation will be published for comment in the New Jersey Register on October 2, 2017.  Stay tuned to Fox Rothschild’s Physician Law Blog for updates.

Earlier this month, a New York man was sentenced to 10 years in prison for allegedly operating a $26 million scheme to defraud Medicare and Medicaid. The defendant allegedly established 6 medical clinics in Brooklyn that paid elderly people to pose as patients and billed Medicare and Medicaid for unnecessary and/or non-existent medical care and equipment. The defendant, who was not a doctor, operated the six clinics between 2007 and 2013, but because New York’s corporate practice of medicine doctrine requires that such clinics be owned and operated by licensed healthcare professionals, he found three physicians to serve as nominal clinic owners. The allegations included that the physicians would periodically come to the clinic to sign medical charts for patients who they never treated, and for others, prescribe unnecessary medications, procedures and supplies. The clinics allegedly incentivized elderly patients to seek “treatment” at the clinics through cash kickbacks.

In addition to his prison term, the defendant was ordered to pay $16,686,811 in forfeiture and a restitution order of $18,683,691. Although this was an extreme “billing mill” case, the severity of sentencing highlights the importance of billing compliance obligations. Also, since New York law strictly prohibits unlicensed individuals, such as the defendant, from owning medical clinics and/or influencing medical decision making, clinics should ensure that such functions are exclusively reserved to its licensed healthcare providers. The corporate practice of medicine doctrine varies from state to state, so we recommend that you contact a knowledgeable and experienced healthcare attorney in your state if you have any questions regarding these requirements.

Advancements in healthcare technology continue at an explosive pace and nowhere is this more evident than in the field of mobile healthcare applications. Technology giants such as Apple and Garmin are diving into the wearable healthcare device arena and healthcare app companies are rapidly developing technology to enable devices to transmit healthcare information directly to physicians from these devices. Not surprisingly, physicians are also being courted by technology companies to endorse, invest in, Beta test and enter into licensing agreements to utilize these technologies.

As evidenced, however, by three recent settlements between the New York State Attorney General and several healthcare app companies, the marriage between healthcare and technology is fraught with potential legal pitfalls. According to the NY Attorney General’s press release, the settlement involved the makers of Cardiio, Runtastic, My Baby’s Beat, three popular healthcare applications that, among other things, monitor user heart rates. In addition to requiring the companies to pay civil settlements, the settlement agreements require the companies to modify certain of their marketing claims which the Attorney General alleged were misleading, and to change their privacy practices regarding the use and disclosure of user information. In light of these settlements, physicians considering getting involved with app makers or other healthcare technology ventures should carefully vet those arrangements and the applications themselves for compliance with healthcare laws including, without limitation, federal and state kickback prohibitions and privacy and security considerations.

Earlier this month, the Office of Inspector General of the Department of Health and Human Services (“OIG”), the agency charged with enforcement of key federal fraud and abuse laws, published its annual Work Plan identifying the areas of compliance concern under the Medicare program on which it will focus its review efforts in the coming year.

While the Work Plan does not provide much detail in terms of why particular areas have been identified for review, it can serve as a useful tool for physicians and other providers to identify specific areas on which they should be focusing their compliance efforts. Among other areas of potential concern for physician practices, the 2017 Work Plan identifies the following as subjects of focus by the OIG:

-Outpatient Intensity Modulated Radiation Therapy;
-Billing for prosthetics and orthotics;
-Billing for personally performed anesthesia services;
-Chiropractic billing;
-Billing for Physical Therapy by Therapists in Independent Practice.

In addition, the OIG will be studying whether there is any correlation between physicians who receive payments from drug and device manufacturers and the ordering and prescribing activities of those physicians. The basis for this review will be data reported by drug and device manufacturers under the Physician Payments Sunshine Act contained in the Affordable Care Act.

The entire FY 2017 Work Plan can be viewed on the OIG’s website.

The Office of Inspector General (“OIG”) of the Department of Health and Human Services, generally, would have concerns about a potential or existing referral source receiving free goods or services, since these free goods and services could be used to provide unlawful payments for the referral of Federal health care program business.  However, under Advisory Opinion 16-09, the OIG decided not to pursue sanctions against a company that provides computerized point-of-care storage and dispensing systems for vaccines (the “Dispensing System”) to physicians free of charge due to the specific circumstances in this arrangement.

The Arrangement:  A manufacturer of a refrigerated vaccine storage and dispensing system (the “Dispensing System”) would retain title to their Dispensing System and the internal data, but would provide the system free of charge to certain physicians.  The manufacturer would enter into two types of agreements:

1)  Sole-Source Vaccine Agreement – The Dispensing System manufacturer would enter into an agreement with manufacturers who are the sole suppliers of a vaccine (“Sole-Source Vaccine”).  The Sole-Source Vaccine manufacturer would pay the Dispensing System manufacturer a fee for each unit of vaccine that a participating physician dispenses out of the Dispensing System (the “Dispense Fee”).

2) Physician Agreement – Dispensing System manufacturer would enter into agreements with only those Physicians who had not previously stocked adult vaccines previously, or only stocked vaccines sporadically or in low volumes.  The Dispensing System would be free of charge to physicians, provided the physician agrees to stock at least one Sole-Source Vaccine that has an Agreement with the Sole-Source Vaccine manufacturer.  The physician would be responsible for the internet connectivity and utilities for the system.  The physician could use the Dispensing System to store other vaccines.  However, the physician may only store Sole-Source Vaccines if the vaccine manufacturer has an agreement with the Dispensing System manufacturer.

OIG’s Analysis: Due to the following “unique factors” the OIG concluded that the following arrangement would be permissible.

  • No Dispense Fee is shared with the physicians.
  • The Dispense Fee is paid directly to the Dispensing System manufacturer, who does not generate Federal healthcare program business.
  • The risk of unfair competition is reduced because (1) only Sole-Source Vaccine manufacturers can enter into an agreement with the Dispensing System manufacturer; (2) More than one Sole-Source Vaccine manufacturer can have their vaccines in any machine and each would be paying the Dispense Fee; and (4) Since a physician needs the Sole-Source Vaccine for patient, the physician has inherently chosen the manufacturer, since they cannot get the vaccine from anywhere else.
  • Physicians may store any non-sole-source vaccines in the Dispensing System that they wish.
  • The manufacturer will not advertise, market or promote any specific vaccine.
  • Adult vaccines are administered in limited manner and serve to prevent diseases, which if not prevented could lead to costlier services to federal payors.
  • The Arrangement helps achieve the CDC’s goal to improve adult vaccination rates which is a benefit from a public policy perspective.
  • The Dispensing System helps mitigate one of the key challenges – proper vaccine storage and management

While it appears the opinion is likely limited to the discrete issue of vaccine storage, it does demonstate that the OIG may be willing to entertain proposals that align with public health concerns or other government agency goals, even in situations where there could be a risk of fraud or abuse to federal payor programs.

If your practice is interested in guidance regarding free vaccine dispensing systems or similar arrangements, be sure to consult experienced counsel.

In March 2016, we covered the conviction of Dr. Venkateswara Kuchipudi for violating the federal anti-kickback statute by referring nursing home patients to Sacred Heart Hospital (in Chicago) in exchange for kickbacks. For a summary of the case, please see our post here: Nursing Home Fraud Scam Results in Conviction for King of Nursing Homes

Dr. Kuchipudi was convicted of one count of conspiracy to defraud the United States and nine counts of illegally soliciting or receiving benefits in return for referrals of patients covered under a federal health care program. On August 12, 2016, the U.S. District Court for the Northern District of Illinois sentenced Kuchipudi to two (2) years in prison and the return of over $786,000, consisting of overpayments and fines.

According to the Court, Kuchipudi had become more focused on making money than on the best interests of his patients, and knew that his scheme to refer nursing home patients for kickbacks was “morally wrong”.

The Hospital made the following kickbacks to Kuchipudi:  (1) it covered the costs of the physician assistants (PAs) and nurse practitioners (NPs) who exclusively treated Kuchipudi’s patients, while allowing Kuchipudi to bill Medicare and Medicaid for the services of the PAs and NPs treating his patients; (2) it inappropriately paid him rent payments; and (3) it paid him bogus teaching fees.

The prosecutors sought 6 to 8 years in prison for Kuchipudi, and stressed Kuchipudi’s greed in engaging in the scheme.  In his defense, Kuchipudi offered support letters from many of his patients, testifying to his selfless nature and years of patient-centered care. However, some of the most telling evidence of Kuchipudi’s intentions was that he frequently did not know why his patients were admitted to the Hospital or even who they were.  In addition, in the sentencing memorandum, prosecutors noted that Kuchipudi pressured the Hospital to pay for his meals at an expensive steakhouse in Chicago, which a Hospital executive agreed to do expressly in exchange for Kuchipudi’s admissions.

As we noted before, this case is an example of how violations of the federal anti-kickback statute can involve kickbacks in forms other than direct payment for referrals. It also serves as a reminder to physicians to carefully review their hospital relationships and arrangements with other providers to avoid running afoul of federal and state fraud and abuse laws. We encourage you to seek legal counsel with experience in the nuances of these laws and regulations if you have any questions regarding your arrangements with providers.

Long gone are the days when drug reps enticed physicians with extravagant meals at five-star restaurants and box seats to the Phillies’ playoffs (and sadly, gone are the days when the Phillies actually made the playoffs).

According to a recent study published in the journal, JAMA Internal Medicine, physicians who are provided a meal for less than $20 from drug reps are more inclined to prescribe that rep’s name-brand drug, which is not always covered by insurance, over the less pricy bioequivalent generic.

Researchers from the University of California, San Francisco, the University of Hawaii, and the Pacific Health Research and Education Institute examined data from 280,000 physicians in Medicare’s prescription drug program from August through December 2013.  Four top-selling name-brand drugs were considered: Benicar and Bystolic, both of which are used to treat high blood pressure, Pristiq, used to treat depression, and Crestor, used to treat high cholesterol.

The study revealed that doctors who received a meal linked to Benicar and Bystolic promotion were 70% and 52%, respectively, more likely to choose the name-brand than those doctors who did not receive a free meal.  Those who received a meal linked to Pristiq were 118% more likely to prescribe Pristiq, and Crestor was linked to an 18% prescribing increase over the bioequivalent generic Lipitor.

Further, an alarming $73 billion per year is spent on name-brand drugs for which there is an equally effective generic, with patients themselves spending $24 billion of that amount.

Dr. Adams Dudley, the study’s lead author, remarked, “Doctors are human, and humans respond to gifts.”

Forgive me for being a skeptic, but isn’t it also quite possible that the sales pitch given during the meal was what actually influenced physicians’ prescribing habits? Call it naiveté, but let’s hope it takes more than a measly slice of pizza to buy our healthcare providers’ loyalties.

–Alexandra L. Sobol, Esq.

(Click here to view Ms. Sobol’s biography)