The federal government has offered substantial incentives to providers to adopt and use certified electronic health record (EHR) technology. As of October 2018, the federal government had paid over $38 billion in EHR incentive payments through the Promoting Interoperability Program (formerly, the Meaningful Use Program). Other federal health care program policies also encourage use of certified EHR technology through enhanced payments or avoidance of decreased reimbursement. These EHR-related payment policies, however, have triggered increased oversight and enforcement attention on EHR vendors who have allegedly misrepresented the capabilities of their EHR software and allegedly paid kickbacks to customers.

In 2017, DOJ announced a settlement with eClinicalWorks (eCW), an EHR vendor, to resolve an FCA lawsuit originally brought as a qui tam action by a whistleblower. DOJ’s complaint-in-intervention alleged that eCW made material false statements and concealed material facts about the capabilities of its software in connection with the government’s EHR certification process.[1] It also alleged that eCW paid purported kickbacks in connection with certain marketing arrangements (i.e., a referral program, site visit program, and a reference program) with influential customers to induce them to recommend eCW’s EHR software, in violation of the federal Anti-Kickback Statute (AKS).[2]

As part of the settlement, eCW agreed to pay $155 million and to enter into a novel, five-year Corporate Integrity Agreement (CIA) with the HHS OIG. Among other things, the CIA required eCW to engage an independent Software Quality Oversight Organization to assess eCW’s software quality control systems and to regularly report to OIG and eCW on its reviews and recommendations. Further, the CIA required eCW to offer free upgrades and data transfers to its current customers. This was a ground-breaking settlement that raised the question of whether this was the beginning of government and whistleblower attention on (and FCA actions against) EHR vendors. This question was seemingly answered in the affirmative when DOJ announced a second settlement with an EHR vendor in early 2019.

On February 6, 2019, EHR vendor Greenway Health LLC (Greenway) entered into a similar settlement to resolve an FCA case filed by the US Attorney’s Office in Vermont. Interestingly, a whistleblower did not initiate the Greenway case. Rather, DOJ pursued it directly. Like eCW, Greenway faced allegations that its EHR system did not function in the way it represented it during the certification process.[3] One specific allegation was that Greenway provided some customers whose EHR software was improperly calculating certain meaningful use measures (which providers are required to achieve to be eligible for incentive payments) with incorrect calculations in order to enable them to receive incentive payments.[4] According to DOJ, this allegedly caused some Greenway customers to submit false claims to HHS for payment under the Promoting Interoperability Program.

Like in the eCW case, the government complaint against Greenway also alleged that certain payments from Greenway to its customers pursuant to certain reference, referral, and site visit programs violated the AKS.[5] Additionally, the government accused Greenway of giving its favored customers extravagant gifts, including “iPads, meals, travel, tickets to sporting events and entertainment, all for the purpose of inducing these users to either continue using Greenway’s products or recommend Greenway to other health care providers . . . .”[6] To resolve these allegations, Greenway agreed to pay $57.25 million, and to enter into an eCW-like CIA.

Practice Note: While many questions remain, including whether a court would agree with DOJ that the AKS applies to these situations, we expect to see continued government and relator scrutiny of EHR vendors. In light of this continued focus, EHR vendors should ensure that they: (1) take care to accurately and transparently demonstrate their software during HIT certification program testing; (2) review, and consider improvements to, their systems and other procedures for identifying, responding to and correcting software design and quality issues that call into question EHR software’s conformity to applicable EHR certification criteria or present patient safety or clinician usability risks; and (3) review existing customer reference, referral and marketing arrangements for compliance with the Anti-Kickback Statute. If an EHR vendor receives investigative requests from the federal government, it should engage outside counsel.

This blog post was originally published in McDermott’s Health Care Enforcement Quarterly Roundup | Q1 2019. Click here to view the full report. 

[1] United States , ex rel. Brendan Delaney v. eClinicalWorks, LLC, Complaint in Intervetion, 2:15-CV-00095, D. Vermont (May 12, 2017).
[2] Id. ¶¶79-85.
[3] Id.
[4] United States v. Greenway Health, LLC, Complaint, 2:19-CV-00020 at ¶¶ 76-112, D. Vermont (February 6, 2019).
[5] Id. ¶¶113-125.
[6] Id. ¶¶ 126-27.

DOJ’s focus on individual accountability is particularly important with respect to telemedicine. Telemedicine is a burgeoning field, with a projected market increase of 18 percent annually over the next six years, reaching $103 billion in 2024. In light of this recent surge in profitability, DOJ has begun paying extra attention to telemedicine, with at least one recent HHS-OIG report asserting that more than one-third of all telemedicine claims are improper.

The report’s claim is further supported by a recent increase in telemedicine prosecutions. In April 2019, DOJ announced charges against 24 defendants, including owners of various telemedicine companies, for their alleged involvement in a health care fraud scheme resulting in $1.2 billion in loss. This scheme involved the payment of kickbacks and bribes by durable medical equipment (DME) companies to medical professionals working with telemedicine companies, in exchange for the referral of Medicare beneficiaries. DOJ alleges that the defendants paid doctors to prescribe medically unnecessary DME without ever seeing patients or after only a brief telephone conversation. The prosecution involves charges in at least seven districts across the United States, including New Jersey, Florida, Texas, Pennsylvania, and California. Additionally, DOJ prosecuted several other individuals in connection with unrelated telemedicine schemes in late 2018 (see the agency’s press releases here, here and here). In light of this recent trend, companies should exercise extreme caution and consult with regulatory experts prior to opening telemedicine practices. Companies can expect to see increased scrutiny and further prosecution of telemedicine companies moving forward.

Practice Note: DOJ has recently re-emphasized its willingness to exercise significant discretion and reward companies that invest in strong compliance programs. Looking forward, health care companies should maintain detailed and up-to-date documentation of all compliance programs, in case such an FCA case should arise. A lawyer should be consulted if an updated compliance program is needed.

This blog post was originally published in McDermott’s Health Care Enforcement Quarterly Roundup | Q1 2019. Click here to view the full report. 

We are pleased to share that Chambers USA has once again named McDermott Health the only firm to receive a Band 1 national ranking in health care. This year’s Band 1 placement marks 10 consecutive years of securing a top national ranking in this prestigious law firm directory, and the ninth year that we have held this position exclusively. The Health team also garnered Band 1 state-level rankings in California, Florida, Illinois, Massachusetts and Washington, DC—cities and states where we have substantial health law teams—and 29 McDermott health lawyers were ranked individually.

Click here to view the full announcement. 

The end of 2018 and the first months of 2019 brought a number of regulatory developments impacting care coordination and the adoption and reimbursement of digital health services. From the Centers for Medicare & Medicaid Services’ (CMS) Regulatory Sprint to Coordinated Care and Pathways to Success initiatives to the updated Physician Fee Schedule, speakers Dale Van Demark and Lisa Schmitz Mazur discuss the rules and regulations that have the potential to enhance or hinder access to digital health solutions and how digital health companies can position themselves for success in this evolving regulatory landscape.

Click here to listen to this episode of the Of Digital Interest podcast. 

The digital health market is expected to grow beyond $379 billion by 2024, with a 27.7 percent compounded annual growth rate over the coming years. This activity is fueled by increasing demand for remote monitoring services, favorable government initiatives and funding, and the proliferation of mobile intelligent devices. An article by Rock Health noted that in 2018, “investors poured nearly $8.1B into the sector, surpassing 2017’s record-setting total of $5.7B by a whopping 42%.”

Amidst this growth, digital health startups are seeking to make the most of their funding and protect the innovations that drive their product. To do so, they must protect their intellectual property from being copied or duplicated by others in the market. Patents offer the strongest form of protection for innovations and can lead directly lead to increased investment. For digital health startups that eventually go public, valuation can reach $1.1 million per software patent application filed.

An issued patent in the United States gives the patent owner a 20-year monopoly right to stop others from making, using or selling the patented invention. A digital health company with a patent on a software feature—for example, a unique approach to dynamically generate a questionnaire based on user information for a remote health consult—has the right to stop competitors from making, selling or using software that includes that feature. Digital health companies, particularly pre-IPO, should develop a patenting strategy to assess how best to protect the innovations that drive their business and increase the company’s monetary value and longevity. If you have ever said one of the following phrases, your company likely will benefit from a discussion with patent counsel on how to protect your inventions:

  • We’re the first ones to ever do this.
  • None of our competition does this.
  • This feature drives a lot of business to our company.
  • This feature was really hard to implement, but we found a way to do it.

Continue Reading Patenting Your Digital Health Tech: When, Why and How

We greatly appreciate our readers continuing to turn to us for insight on the most critical legal, regulatory and transactional developments impacting digital health, and the innovative collaborations transforming health care. Over the past year, McDermott’s Health practice made headlines for our work on several of the most high-profile collaborative transformations that took place in 2018: We were one of several law firms to advise CVS Health Corp. on its approximately $70 billion cash and stock purchase of health insurer Aetna Inc. McDermott also assisted Air Medical Group Holdings in its $2.44 billion acquisition of American Medical Response (AMR), a medical transportation company, from Envision Healthcare Corporation. It is because of our role in ground-breaking transactions like these that—for the fifth time in 10 years—McDermott was recognized by Law360 as the Health Practice Group of the Year.

We’re passionate about the results our digital health clients are achieving and our role in helping them transform health care. We are equally passionate about what these results mean for the industry and health care consumers. Through our blogs, articles and health-focused events, we are committed to providing you with thought leadership that will help expand your field of vision as you navigate the rapidly changing health care landscape.

To read Law360’s profile of McDermott’s industry-leading health care practice, click here. McDermott was also named Practice Group of the Year in the Tax category. For more information about our approach to Collaborative Transformation, visit mwe.com/collaborativetransformation.

New digital health regulations arose at the federal and state level in 2018, bolstering the existing legal framework to further support and encourage digital health adoption in the context of care coordination and the move to value-based payment. McDermott’s 2018 Digital Health Year in Review: Focus on Care Coordination and Reimbursement report – the second in a four-part series – highlighted these developments within the digital health landscape. These efforts brought changes to coverage of telehealth and other virtual care services, as well as information gathering for regulatory reform, and can help bridge the gap between research, funding and implementation as regulations build a framework within which companies can deploy their products, receive reimbursement and demonstrate value to patients. Here we outline digital health developments from the second half of 2018 and how they can help drive digital health forward in 2019. For a closer look at key care coordination and reimbursement developments that shaped digital health in 2018, along with planning considerations and predictions for the digital health frontier in the year ahead, download our full report.

To view the first report in the series, 2018 Digital Health Year in Review: Focus on Data, click here.

Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report.

  1. EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR’s potential applicability to their operations and take heed of any GDPR obligations, including, but not limited to, enhanced notice and consent requirements and data subject rights, as well as obligations to execute GDPR-compliant contracts with vendors processing personal data on their behalf.
  2. California passes groundbreaking data privacy law. The California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020, will regulate the collection, use and disclosure of personal information pertaining to California residents by for-profit businesses – even those that are not based in California – that meet one or more revenue or volume thresholds. Similar in substance to the GDPR, the CCPA gives California consumers more visibility and control over their personal information. The CCPA will affect clinical and other scientific research activities of academic medical centers and other research organizations in the United States if the research involves information about California consumers.
  3. US Department of Health and Human Services (HHS) Office of Civil Rights (OCR) continues aggressive HIPAA enforcement. OCR announced 10 enforcement actions and collected approximately $25.68 million in settlements and civil money penalties from HIPAA-regulated entities in 2018. OCR also published two pieces of guidance and one tool for organizations navigating HIPAA compliance challenges in the digital health space.
  4. Interoperability and the flow of information in the health care ecosystem continues to be a priority. The Office of the National Coordinator for Health Information Technology (ONC) submitted its proposed rule to implement various provisions of the 21st Century Cures Act to the Office of Management and Budget (OMB) in September 2018; this is one of the final steps before a proposed rule is published in the Federal Register and public comment period opens. The Centers for Medicare & Medicaid Services (CMS) released its own interoperability proposed rule and finalized changes to the Promoting Interoperability (PI) programs to reduce burden and emphasize interoperability of inpatient prospective payment systems and long-term care hospital prospective payment systems.

Last week, President Trump signed the SUPPORT for Patients and Communities Act (SUPPORT Act), a bipartisan piece of legislation designed to tackle the opioid crisis by, among other approaches, increasing the use of telemedicine services to treat addiction. Several key provisions are summarized below.

The package includes provisions to expand public reimbursement for telemedicine services that focus on addiction treatment. Specifically, the legislation removes Medicare’s originating site requirement for substance abuse treatment provided via telemedicine, meaning that health professionals can receive Medicare reimbursement even if the patient is not located in a rural area. In addition, the Centers for Medicare and Medicaid Services (CMS) has been directed to issue guidance to states regarding possible ways that Medicaid programs can receive federal reimbursement for treating substance abuse via telemedicine. The legislation explicitly identifies services provided via a hub and spoke model and in school-based health centers, among others, as those that should be eligible for federal reimbursement.

In another development, the US Drug Enforcement Agency (DEA) is now required to implement regulations regarding a special registration process for telemedicine providers within one year of the passage of the SUPPORT Act. The aim of this process is to expand health providers’ ability to prescribe controlled substances to patients in need of substance use disorder treatment based on a telemedicine consultation, without having to conduct an in-person evaluation first. This special registration process was originally contemplated 10 years ago under the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (Ryan Haight Act) as one of the seven pathways through which a telemedicine provider could prescribe a controlled substance to his/her patient without having first conducted an in-person evaluation, but the DEA never issued any regulations to effectuate it. At present, the special registration process and requirements (e.g., registration costs, application processing timeline, provider qualifications) are still largely unknown. The answers to these open issues will determine how accessible this new registration pathway will be to substance use disorder providers and, therefore, how impactful it will be in connecting patients in need of substance use disorder treatment with qualified providers.

In addition to these policy reforms, the SUPPORT Act also directs government agencies to conduct additional research into the possible benefits of telemedicine technology for treating substance abuse. Both CMS and the Government Accountability Office (GAO) are tasked with publishing reports concerning the use of telemedicine technology for treating children: CMS is directed to analyze how to reduce barriers to adopting such technology, and GAO is directed to evaluate how states can increase the number of Medicaid providers that treat substance use disorders via telemedicine in school-based clinics. Furthermore, the Department of Health and Human Services must issue a report regarding the impact of using telemedicine services to treat opioid addiction within five years.

On November 1, 2018, the Centers for Medicare and Medicaid (CMS) issued final rules for updating the 2019 Medicare Physician Fee Schedule to implement recent telehealth-related legislative reforms. As reported in our Digital Health Mid-Year Report: Focus on Medicare, these changes are expected to have a material impact on the ability of providers to receive payment for delivering telehealth services. Certain key changes are highlighted below:

  • Qualified providers may be reimbursed when providing telehealth services for stroke and kidney disease—even when patients are located in their own homes.
  • Qualified providers may receive a small amount of reimbursement for holding “virtual check-in[s]” with patients and when they evaluate recorded video and images from an established patient. CMS noted that these changes are aimed at allowing providers to help determine whether an in-person visit or additional follow-up is needed. Doing so “increase[s] efficiency for practitioners and convenience for beneficiaries.”
  • CMS also issued an interim final rule related to the recently-signed SUPPORT for Patients and Communities Act, a bipartisan piece of legislation that was passed to combat the opioid crisis. Similar to the Bipartisan Budget Act, the SUPPORT Act removed the originating site requirement for substance abuse and related mental health treatments. There is a 60-day comment period before this rule will be finalized.

Together, these rules represent a substantial expansion of Medicare reimbursement for services provided via telehealth.  For additional guidance on how to interpret and implement these new changes, please contact your regular McDermott attorney.