Health Law Update - March 6, 2014

Alerts / March 6, 2014

Welcome to this week's edition of the Health Law Update. Topics covered today include:

We hope you find this information helpful. Please contact any member of BakerHostetler's Healthcare team with questions.


According to minutes filed in the U.S. District Court for the Middle District of Florida, Halifax Hospital Medical Center (Halifax) and the U.S. Department of Justice (DOJ) have reached a settlement in the pending False Claims Act case in which Halifax is accused of entering into financial relationships with medical oncologists and neurosurgeons in violation of the Stark Law. You can read more about the Halifax case in our December 12, 2013, and January 23, 2014, issues of the Health Law Update. While neither party has officially commented on the settlement, a number of sources are reporting the settlement amount will be around $85 million. The settlement in the Halifax case, which was originally brought by a whistleblower on behalf of the government, will follow on the heels of the judgment against Tuomey Healthcare System, Inc. (Tuomey) for Stark violations that exceeded $230 million in September. See the October 3, 2013, issue of the Health Law Update.

The Halifax court granted partial summary judgment in favor of the DOJ in November, finding that the incentive bonuses paid to medical oncologists took into account the volume or value of the physician's referrals to the hospital for designated health services (DHS) because fees for DHS were included in the bonus pool. The jury trial set to begin this week would have decided three things: (1) whether Halifax's employment agreements with three neurosurgeons violated the Stark Law on fair market value and commercial reasonableness grounds; (2) the amount of damages under the Stark Law related to the prohibited financial relationships with the medical oncologists and the neurosurgeons, if applicable; and (3) whether Halifax had the requisite intent to establish a False Claims Act violation. The settlement likely will not resolve another set of allegations raised by the relator against Halifax relating to unnecessary inpatient admissions. The DOJ did not intervene in this portion of the relator's case, which is set for a jury trial in July.

Hospitals across the country have wisely been taking note of the new high-stakes world of False Claims Act cases predicated on the Stark Law in light of Tuomey.

If you need assistance evaluating your financial arrangements with physicians, please contact Donna S. Clark, or 713.646.1302; or Darby C. Allen, or 713.646.1311.


The U.S. Court of Appeals for the Fourth Circuit recently upheld the dismissal of a False Claims Act (FCA) suit against Omnicare, Inc., in which the relator alleged that certain drugs repackaged by Omnicare's subsidiary were adulterated and ineligible for Medicare or Medicaid reimbursement because of Food and Drug Administration (FDA) regulation violations and that Medicare claims for reimbursement for the drugs were therefore false. The Fourth Circuit refused to permit a relator to "use of the FCA as a sweeping mechanism to promote regulatory compliance." Rather, the court held that the FCA was "a set of statutes aimed at protecting the financial resources of the government from the consequences of fraudulent conduct."

In reaching its result, the Fourth Circuit concluded that the relator's recitation of alleged regulatory violations did not constitute the identification of any false statement or fraudulent misrepresentation made to the government, as is required under the FCA. The court held that a drug must only be FDA-approved to qualify for reimbursement and that the Medicare and Medicaid statutes do not prohibit reimbursement for adulterated drugs and do not require compliance with FDA safety regulations as a "precondition" to payment. Consequently, the submission of the reimbursement requests did not constitute a false claim under the FCA. The court refused to allow the FCA to be used as an all-encompassing regulatory enforcement tool. The court stated that the "correction of regulatory problems is a worthy goal, but is 'not actionable under the FCA in the absence of actual fraudulent conduct.'"
The court also rejected the relators' attempt to proceed under implied certification or worthless services theories of FCA liability.

This case is significant as it rejects the efforts by many government lawyers and relators to use the FCA to remedy a myriad of regulatory violations. The holding narrows the focus of FCA claims to those that relate to preconditions to payment under the applicable program, instead of allowing the FCA to serve as a regulatory-compliance/enforcement mechanism.

United States ex rel. Rostholder v. Omnicare, Inc., No. 12-2431 (4th Cir. Feb. 21, 2014)

For more information, please contact Robert M. Wolin, or 713.646.1327.


The Centers for Medicare & Medicaid Services (CMS) recently published an announcement indicating that the agency is "in the procurement process for the next round of Recovery Audit Program Contracts" and is winding down its current contracts to enable Recovery Auditors to complete all outstanding claim reviews and other processes by the end date of existing contracts. In the interim, CMS will "pause" operations of current RACs pending award of the new contracts. According to the agency, this pause will allow it to "continue to review and refine" the RAC program, e.g., by examining Additional Documentation Request (ADR) limits, timeframes for review and communications between Recovery Auditors and providers.

CMS already has accepted a number of changes to the Recovery Audit Program which are intended "to result in a more effective and efficient program, including improved accuracy, less provider burden, and more program transparency." These changes, summarized in a chart by CMS, specify that:

  • RACs must wait 30 days to allow for a discussion before sending the claim to the Medicare Administrative Contractor (MAC) for adjustment. Providers will not have to choose between initiating a discussion and an appeal.
  • RACs must confirm receipt of a discussion request within three days.
  • RACs must wait until the second level of appeal is exhausted before they receive their contingency fee.
  • CMS is establishing revised ADR limits that will be diversified across different claim types (e.g., inpatient vs. outpatient).
  • CMS will require RACs to adjust the ADR limits in accordance with a provider's denial rate. Providers with low denial rates will have lower ADR limits while providers with high denial rates will have higher ADR limits.

In its announcement, CMS also flagged the following three important dates:

  • February 21 was the last day a Recovery Auditor could send a postpayment ADR.
  • February 28 was the last day a MAC could send prepayment ADRs for the Recovery Auditor Prepayment Review Demonstration.
  • June 1 is the last day a Recovery Auditor may send improper payment files to the MACs for adjustment.

The new Recovery Audit Program contracts likely will be awarded in the spring of 2014, though CMS has not announced an official date, and are projected to terminate sometime in 2018. Once the new contracts are in effect, RACs may audit claims for dates of service occurring during the pause.

This announcement arrives on the heels of a "scathing" Office of Medicare Hearings and Appeals forum, where industry stakeholders discussed a workload that has resulted in a "backlog of 460,000 appeals and the suspension of the assignment of appeals to administrative law judges (ALJs) for up to two years." While some commentators believe the pause may bring providers relief and welcome the change, they also point out that the revisions "won't address the multi-year backlog that inappropriate RAC denials have created in the Medicare appeals system." Nor will the changes provide stakeholders with long-term relief from the substantial burden imposed by such audits. For further suggestions regarding improvements to the RAC program, please see the American Hospital Association's January 14, 2014, letter addressed to CMS.

As CMS releases additional guidance regarding the RAC program and improvements thereto, we will continue to provide updates. In the meantime, further information regarding this program can be accessed here.

For more information, please contact B. Scott McBride, or 713.646.1390; or Anne C. Foster, or 216.861.7258.


As has been reported in previous editions of the Health Law Update, National Labor Relations Board (NLRB)-watching now is a required activity for all employers—union and nonunion alike. On February 25, 2014, NLRB General Counsel Richard Griffin published a list of substantive questions that must be submitted to the Division of Advice in Washington, D.C. before Regional Directors may make decisions. (See Memorandum GC-14-01.) The clear, but unstated purpose of this directive is to ensure that determinations by Regional Offices that are deemed too favorable to employers will be reviewed in Washington, D.C.

Clearly, all eyes will continue to be glued to the NLRB for some time to come. Here are some things that healthcare employers should expect to see in the coming months.

  • Erosion of long-standing Supreme Court precedent (see NLRB v. Burns International Security Services, 406 U.S. 272 (1972)) which obviates the duty to assume an existing collective bargaining agreement where the employer indicates, through its actions, that it does not intend to assume the contract. (See dissents by Members Fanning and Panello in Spruce Up, 209 NLRB 194, 199-200; concurrence by Chairman Gould in Canteen Co., 317 NLRB 1052, 1054, placing emphasis on employer's intent and not whether employees accept offers of employment.)
  • Establishment of the rights of unrepresented employees to representation in predisciplinary investigatory meetings. The NLRB may overrule the 2004 decision in IBM Corp., 341 NLRB 1288 (2004), in which the NLRB determined that employees do not enjoy Weingarten rights in an unrepresented workplace.
  • Greater difficulty obtaining postarbitral deferral of unfair labor practice charges in cases involving interference with employee rights to engage in protected concerted activity or retaliation for engaging in protected activity, under Sections 8(a)(1) or 8(a)(3) of the National Labor Relations Act, respectively. The NLRB recently has issued a call for amicus briefs on postarbitral deferral, and it seems fairly certain that the ability of employers both to defer unfair practice charges to arbitration and, more importantly, to obtain approval of arbitral awards under the existing and more lenient "repugnancy" standard now is in doubt. (See Spielberg Mfg. Co., 112 NLRB 1080 (1955) and Olin Corp., 268 NLRB 573 (1984).)
  • More scrutiny of decisions to relocate facilities where the decisions to relocate are not based on labor costs. Currently, under Dubuque Packing, these decisions are not subject to a duty to bargain. The General Counsel wants to exert greater control over cases where a union alleges that the employer failed to furnish adequate information to determine whether Dubuque Packing applies.
  • Continued pressure on efforts to enforce mandatory preemployment waivers of class actions under D.R. Horton.
  • Review of decisions to impose discipline due to "exigent circumstances" after a successful union campaign but before the ratification of a collective bargaining agreement. (See Alan Ritchey, 359 NLRB No. 40 (2012).)

Changes in any one of these areas could dramatically change the labor landscape for healthcare employers. Of particular concern seems to be the change in bargaining obligations when employers acquire existing hospitals or skilled nursing facilities. It is often the case that healthcare facilities are for sale because they are not profitable, and they can become profitable only if the cost of existing labor agreements is brought under control.

Of similar concern would be limits on the ability to discipline employees in the highly regulated field of healthcare. Employers may find themselves having to allow for representation at predisciplinary meetings to investigate misconduct, even where there is no union. And in the case where a union is certified as the exclusive representative but does not have a first contract, the employer may be unable to mete out discipline for serious infractions, such as data breaches or violations of patient privacy, or sentinel events.

Keep looking here for updates on these issues as they develop. In the meantime, employers should consult with labor relations professionals to make sure that they remain compliant with the latest NLRB decisions.

For more information, please contact Ellen Shadur Gross; or 310.442.8816.


The Washington Post recently published an article reminding individuals not to tweet or otherwise share information concerning their medical conditions on social media, warning that disclosing such information publicly "is akin to posting your address along with the dates you'll be away on vacation." Quoting Jennifer Trussell, who investigates medical identity theft on behalf of HHS, the article cautions that, "If you tweet about your diabetes diagnosis . . . the next thing you know, you're getting diabetes test strips you didn't order or receive billed to your insurance company." In fact, in some egregious cases, an individual may discover that thieves are maxing out his or her Medicare account by making false claims against his or her policy.

While many individuals closely safeguard their financial information and social security number, they may be less protective of medical diagnoses, seeking support through the use of social media from friends or other acquaintances who may have experienced similar medical conditions. These individuals, however, may not realize that such information can be used in ways that are as harmful to their personal and pecuniary interests as the misuse of financial information.

In fact, research has shown that medical identity theft is unfortunately rising. For example, according to the Ponemon Institute (an organization that conducts independent research on privacy, data protection and information security policy), U.S. victims of medical identity theft rose from an estimated 1.52 million in 2012 to 1.84 million in 2013, representing a jump of 19 percent over one year.

Other key findings from the Ponemon Institute's 2013 Survey on Medical Identity Theft include, but are not limited to, the following: (1) medical identity theft can put victims' lives at risk by creating inaccuracies in permanent medical records; (2) victims lose trust in their healthcare provider following such thefts; (3) individuals lack awareness of the seriousness of this crime (e.g., 50 percent of victims do nothing to protect themselves from future thefts); (4) individuals rarely check their medical records (e.g., 78 percent of respondents indicated that they are not doing so); and (5) many cases of medical identity theft can be prevented (in fact, the majority of respondents indicated that the medical theft occurred because the individual shared personal or medical information with someone they knew, or a family member used such information without consent).

Responding to and mitigating the aftereffects of medical identity theft is costly. Thirty-six percent of affected individuals incurred out-of-pocket costs in connection with such theft, facing average expenses of $18,660. Ponemon estimates U.S. victims incurred total out- of-pocket costs of $12.3 billion last year alone.

Costs also may be incurred by entities to which HIPAA applies, including where such thefts constitute a breach under 45 C.F.R. § 164.402. Though not HIPAA-specific, Ponemon also has published a study generally covering costs incurred by organizations responding to data breaches. The study concludes that the U.S. experienced the highest average total cost of a data breach at more than $5.4 million (compared to nine other countries, including Germany, the United Kingdom and France, where privacy laws generally are considered stricter than those in the U.S.), and that the healthcare industry had the highest per capita data breach cost at $233 per compromised record, compared to a consolidated average among all countries of $136 per record. This same study also cites malicious or criminal attacks as the most frequent cause of data breach globally at 37 percent.

These studies illustrate the need for organizations and individuals to remain vigilant in protecting sensitive health information. While inadvertent breaches occasionally occur, policies and procedures directed at protecting personally identifiable information must be proactive and address vulnerabilities and areas of risk that can be exploited by criminals. For organizations, these policies should include robust social media guidelines; and for individuals, always remember that sharing sensitive personal information on social media does not occur in a vacuum.

Should you have any questions regarding this subject, please contact Lynn Sessions, or 713.646.1352; or Anne C. Foster, or 216.861.7258 or any one of the members of our data privacy team.


Counsel Lee Rosebush and associate Cory Fox recently authored an article for the January/February 2014 edition of the American Society for Pharmacy Law's journal, Rx Ipsa Loquitur. In the article, "FDA Warning Letters under New Compounding Pharmacy Law Emphasize Registration," they discuss warning letters issued by the FDA, pursuant to its expanded authority under the Drug Quality and Security Act, to two compounding pharmacies, one in Arizona and one in North Carolina. Rosebush and Fox write that the letters–which state that the pharmacies are compounding drugs without a valid prescription and that only registered outsourcing facilities may engage in such activities--"indicate that the agency will require entities compounding drugs without a prescription to register as outsourcing facilities." In conclusion, they write, "entities that compound drugs in bulk without a prescription should carefully consider registering as an outsourcing facility in order to avoid potential FDA enforcement actions."

Read the full article.


March 7

Houston partner Lynn Sessions will speak on "Regulation Overload: Defending Against Privacy and Data Breaches to Mitigate Penalties" at the Advanced Forum on Healthcare Provider Disputes sponsored by the American Conference Institute in Miami, Florida.

March 21

Cleveland counsel Tom Campanella will speak on "Hot Topics in Health Care That Will Impact You and Your Organization" at a meeting of the Central Ohio Healthcare Financial Managers Association in Columbus, Ohio.

March 25

Houston partner Lynn Sessions will speak on "Mobile Workforces & BYOD Programs: Evaluating Risks as a Result of the Latest Cyber Threats" at the Advanced Forum on Cyber & Data Risk Insurance sponsored by the American Conference Institute in Chicago, Illinois.

March 31

Houston partner Lynn Sessions will speak on "Managing a Healthcare Data Breach Response: Lessons Learned & Best Practices" at the HFMA Texas State Conference 2014 in Austin, Texas.

April 3

Houston partner Lynn Sessions will speak on "HIPAA/HITECH: The Final Rule" at a Healthcare Educational Workshop sponsored by Beazley in Los Angeles, California.

April 4

Washington, D.C. counsel Lee Rosebush will speak on "What's Next: The Ever Changing Landscape of Pharmacy Compounding" at the 136th Ohio Pharmacists Association Annual Conference in Columbus, Ohio.

April 8

Houston partner Lynn Sessions will speak on "Cyber Liability" at the 2014 Higher Education Risk Management Conference sponsored by The University of Texas System in Lost Pines, Texas.

April 10

Houston partner Scott McBride will speak on "The New Age of False Claims Act Enforcement and Investigations" at the 26th Annual Health Law Conference sponsored by The University of Texas School of Law in Houston, Texas.

April 11

Houston partner Susan Feigin Harris will speak on "Impact of the Affordable Care Act on Texas" at the 26th Annual Health Law Conference sponsored by the University of Texas School of Law in Houston, Texas.

Houston partner Scott McBride will moderate a panel on "The False Claims Act: What Every In-House Lawyer Needs to Know" at the 36th Annual Corporate Counsel Institute sponsored by The University of Texas School of Law in Dallas, Texas.


Baker & Hostetler LLP publications are intended to inform our clients and other friends of the firm about current legal developments of general interest. They should not be construed as legal advice, and readers should not act upon the information contained in these publications without professional counsel. The hiring of a lawyer is an important decision that should not be based solely upon advertisements. Before you decide, ask us to send you written information about our qualifications and experience.


Kathleen P. Rubinstein, MPA

Healthcare Industry
Key Contacts

James C. Rawls

B. Scott McBride

Noah D. Rosenberg