Hospitals & Health Systems

In an opinion written by Judge Posner, the Seventh Circuit on Friday, June 9, 2017, affirmed OSF Saint Francis Medical Center’s summary judgment win in a $300 million antitrust suit brought by a smaller competitor alleging unlawful exclusive dealing and attempted monopolization.  This alert discusses the Court’s decision in this case, which is a notable precedent for hospitals and provider networks — particularly those with substantial market shares — that wish to negotiate narrow and exclusive network agreements with payors.

Earlier this week, my colleagues Bruce Sokler, Robert Kidwell, Dionne Lomax, and Farrah Short published an alert about the federal district court for the Eastern District of Michigan’s recent decision to deny both the government’s and defendant hospital’s respective motions for summary judgment in a suit filed by the Department of Justice and the Michigan Attorney General in 2015 against W.A. Foote Memorial Hospital, d/b/a Allegiance Health (“Allegiance”), Hillsdale Community Health Center (“HCHC”), Community Health Center of Branch County (“Branch”), and ProMedica Health System, Inc. (“ProMedica”).  In this case, the government alleged that HCHC orchestrated agreements among the hospitals not to advertise or otherwise market in each other’s territories for competing health care services in violation of the Sherman Act.  (You can read Dionne’s previous alert on the Allegiance complaint here.)  HCHC, Branch and ProMedica have each settled, leaving Allegiance as the sole defendant. Continue Reading Antitrust Suit Against Michigan Hospital Moves Forward After Federal District Court Denies Both Sides’ Motions for Summary Judgment

Earlier this month, the Office of the Inspector General for the Department of Health and Human Services (“OIG”) published its Semiannual Report to Congress covering the period from October 1, 2016 to March 31, 2017.  The report describes OIG’s work and accomplishments during the 6-month reporting period. Like other OIG reports, including the annual OIG Work Plan, the report gives a good indication of priority areas for OIG and can help guide compliance priorities for providers.  Below are some highlights of the report in the following focus areas: Continue Reading OIG Publishes Semiannual Report to Congress

Last week, the Congressional Budget Office (CBO) concluded that a key piece of telehealth legislation, the CHRONIC Care Act of 2017, would not, overall, increase or decrease Medicare spending. This score is significant as it marks the first time that CBO has concluded that providing enhanced Medicare coverage for telehealth services would be budget neutral and clears the path for Congress to pass the legislation in a tough political climate.  Continue Reading CBO Greenlights Telehealth Provisions in Senate’s CHRONIC Care Act

Last week, the Department of Justice (DOJ) entered into a $34 million settlement with Mercy Hospital Springfield (“Hospital”) of Springfield, Missouri, and its affiliate Mercy Clinic (“Clinic”). The settlement resolves an allegation that the Clinic violated the Stark Law by compensating twelve Clinic physicians in a manner that took into account the volume and value of the physicians’ referrals to the Hospital’s infusion center.  The U.S. contended that the defendants’ Stark Law violations caused their reimbursement claims to Medicare for infusion services to violate the False Claims Act. Continue Reading Hospital and its Clinic Agree to $34 Million Settlement to False Claims Act Allegation that Compensation to Oncologists Violated the Stark Law

Press ReleaseThe U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced another large HIPAA-related settlement last week with Memorial Hermann Health System (Memorial Hermann), the largest not-for-profit health system in southeast Texas.  Memorial Hermann agreed to pay $2.4 million and to comply with a corrective action plan after publicly disclosing a patient’s name in the title of a press release regarding an incident at one of its clinics.  In a week that has been filled with high-tech cybersecurity issues (see our recent blog posts on the WannaCry attack here and here), this settlement is a good reminder of HIPAA obligations unrelated to technology.

Continue Reading Memorial Hermann’s Use of Patient Name in Press Release Leads to $2.4 Million HIPAA Settlement

By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant, called “Wanna Decryption” or “WannaCry” works like any other ransomware: once it is inadvertently installed, it locks up the organization’s data until ransom is paid.  Here are some quick facts about the WannaCry attack and suggestions for avoiding it. Continue Reading Ransomware Attack – Quick Facts

It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April).  On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C. (“CCDH”) related to CCDH’s failure to enter into a business associate agreement with a paper medical records storage vendor.  The cost of that missing agreement?  $31,000.  Then, on April 24, OCR announced a settlement with CardioNet, a remote monitoring company for cardiac arrhythmias, related to CardioNet’s failure to implement compliant HIPAA policies and procedures and failure to conduct a sufficient risk assessment.  The price of those failures?  $2.5 million! Continue Reading Two HIPAA Mistakes Lead to Fines from OCR

Boston_StateHouseNext week, the Massachusetts House will continue the budget process and debate over 1000 amendments that members filed to the House Ways and Means Committee’s proposed $40.3 billion FY2018 budget. The Committee’s budget includes some notable departures from Governor Baker’s proposed budget, including changes to budget items impacting the health care industry. In an Alert released earlier this week, my ML Strategies colleagues Julie CoxSteven BaddourDan ConnellyCaitlin BeresinMax Fathy and Haejin Hwang describe some of the variances in health care and public health spending proposals. Continue Reading Massachusetts Budget Process Continues with Impact on Health Care

Earlier this week, the Mintz Levin privacy team  updated the “Mintz Matrix,” a summary of the U.S. state data breach notification laws, with updates from New Mexico, Tennessee, and Virginia.  As the privacy team reports, with New Mexico enacting a data breach notification law, only Alabama and South Dakota remain the only states without data breach notification laws.  Their full blog post on the updates is available here.

In addition to complying with HIPAA, health care organizations must remain aware of the separate state notification obligations and other privacy and security laws when responding to data breaches.  These states laws are often broader than HIPAA and apply may apply to personally identifiable information that is not protected health information.

Our quick disclaimer: The Mintz Matrix is for informational purposes only and does not constitute legal advice or opinions regarding any specific facts relating to specific data breach incidents. You should seek the advice of experienced legal counsel (e.g., the Mintz Levin privacy team) when reviewing options and obligations in responding to a particular data security breach.