As of Nov. 1, 2019, hospitals — as well as other types of health care providers — submitting claims to Missouri or Illinois Medicaid programs will be subject to a new restrictive rule concerning ordering, referring and prescribing providers (ORP). The ORP rule may result in hospitals unexpectedly having some Medicaid claims denied. Below is a description of the rule, some differences between Missouri and Illinois, where the rule comes from, and what claims it applies to.

Under the ORP rule (called the “OPR” rule in Missouri), hospital claims will be denied if any providers listed on the claim form are not enrolled in that state’s Medicaid program (also known as “non-participating” providers). Put differently, every provider listed on a hospital claim form must be enrolled in Medicaid. If not, the claim will be denied. That goes for attending providers, referring providers, prescribing providers, operating providers and other providers performing services for which the hospital files a claim, whether for a facility fee or otherwise.

Missouri includes an express exception to the ORP rule for “out-of-state emergency services,” pursuant to 13 CSR § 65-2.020(1)(B). This makes sense. A Medicaid beneficiary cannot be expected to shop around for services in an emergency situation when visiting another state. Even if he or she could, it would be difficult to try to ensure that all physicians who might be involved are enrolled in the Missouri Medicaid program.

In contrast, there is (as of yet) no exception to the ORP rule in Illinois, not even for out-of-state emergency services, which may result in some harsh claim denials. Fortunately, patients and hospitals may at least try to find out if a particular provider participates in Medicaid by checking the Illinois Medicaid Provider Directory.

Missouri physicians may also use a special, simpler enrollment process so their involvement in a patient’s care won’t result in Medicaid claim denials. This enrollment is limited, however, as these providers may not bill Medicaid directly for their services. In Illinois, there is no streamlined enrollment process. A physician who wants to order or refer services for Medicaid patients must go through the regular provider enrollment process, which some providers may find arduous.

The ORP rule comes from Section 6401(b) of the Patient Protection and Affordable Care Act. That legislation added 42 U.S.C. § 1396a(kk)(7), which requires “all ordering or referring physicians or other professionals to be enrolled under the State plan or under a waiver of the plan as a participating provider.” There is also a federal regulation located at 42 CFR § 455.410(b). Each provider’s National Provider Identifier (NPI) must also be listed on the claim form.

States have been implementing the ORP rule at different times. The ORP rule originally was set to go into effect in Illinois on Jan. 1, 2019, but the effective date was delayed and then delayed again until Nov. 1, 2019. It will apply not only to hospital claims, but to all other claims that require ordering or referring providers, including claims for physicians, nurse practitioners, durable medical equipment, home health and imaging.

In Missouri, the ORP rule has been applied since Nov. 1, 2017, to claims for durable medical equipment, home health, independent laboratories and radiology. Beginning on Oct. 24, 2018, drug claims became subject to denial for violating the ORP rule, while other types of claims received only warning messages instead of denials. On Nov. 1, 2019, however, violation of the ORP rule will result in denied claims for hospitals, mental health hospitals, state institution long-term care facilities, nursing homes, private home-ICF/IDs, home health agencies, rural health clinics and hospice claims.

In both states, a denied claim could potentially be approved if all non-participating providers become timely enrolled in Medicaid and the claim is resubmitted. But that may be more hassle than it’s worth, depending on the circumstances.

If you have questions about the ORP rule, please ask one of the attorneys in our Health Care industry group.

Oklahoma is making history in its pending multi-billion-dollar opioid case against Johnson & Johnson, in which the state is accusing the drug manufacturer of irresponsible marketing practices that allowed it to profit from the opioid crisis. The parties await a final decision from Oklahoma Circuit Judge Thad Balkman after a seven-week bench trial that concluded July 15.

Oklahoma has implored the judge to hand down a record $17.2 billion verdict. In light of the financial amount at stake, an appeal of the judge’s decision is almost guaranteed.

Reminiscent of the big tobacco lawsuits of the early 1990s, the Johnson & Johnson case is the first major trial of a pharmaceutical company in which a state is seeking to hold a company accountable for the inflation of the opioid crisis. Specifically, Oklahoma alleges that Johnson & Johnson acted as a public nuisance and engaged in deceptive practices by irresponsibly marketing its opioids to anyone and everyone, downplaying opioids’ addictive qualities and manipulating medical research to garner profits for the monetary rewards derived from manufacturing opioid prescriptions.

In the trial, which began May 28, 2019, Oklahoma Attorney General Mike Hunter argued that Johnson & Johnson engaged in a “cynical, deceitful, multimillion-dollar brainwashing campaign to establish opioid analgesics as the magic drug.” At trial, Hunter attempted to paint a picture of a deeply competitive market in which large pharmaceutical companies like Johnson & Johnson marketed opioids in a way that drove up prescription numbers across the country so the companies could benefit from the inflated market.

Indeed, Johnson & Johnson is not the only large pharmaceutical company to be accused of such practices, simply the only one willing to risk proceeding to trial.

On June 24, 2019, an Oklahoma judge approved a settlement agreement between the state and Teva Pharmaceuticals for $85 million in a case involving identical charges as those levied against Johnson & Johnson. Additionally, on March 26, 2019, Purdue Pharma settled a comparable case in Oklahoma state court for $270 million. Other companies have been accused of similar actions across the country, but these cases are essentially at a standstill until the Johnson & Johnson case concludes.

Johnson & Johnson vehemently denies the allegations, and its attorneys argued that the company promoted the use of opioids in an appropriate and responsible way. Notably, the company’s attorneys stressed that one in five Americans suffers from chronic pain a year, necessitating the need for legitimate opioid prescriptions. The company’s attorneys further stressed that it is the state, as regulator, that has a responsibility to monitor and correct illegal prescribers and users.

Nevertheless, this case remains potentially historic for several reasons:

First, it could prove precedential for the law governing public nuisance claims, as typically public nuisance claims only involve issues surrounding property disputes. Yet, here, Oklahoma brought claims against Johnson & Johnson under a public nuisance theory alleging that Johnson & Johnson created a public health crisis in the state as the result of its deceptive marketing practices. If the court finds in favor of Oklahoma, its decision could have wide-ranging impact on a state’s ability to bring a public nuisance claim against large companies that might have a hand in public health or social crises.

Second, the outcome of this case could radically transform big pharmaceutical companies’ marketing strategies. While lawmakers have never alleged that companies like Johnson & Johnson can never manufacture or sell opioids, they have levied serious accusations against these companies about problems associated with how the opioids are marketed and promoted. As such, this case can essentially be treated as a referendum on the marketing practices of pharmaceutical companies that manufacture opioids and their policies and practices in this realm moving forward. It also could inform lawmakers’ decisions on the potential imposition of regulations governing the advertising and marketing of these types of prescription drugs, similar to those that upended big tobacco in the 1990s.

Finally and most importantly, this case could garner significant historic value as its outcome could dictate a path for other states and municipalities to hold pharmaceutical companies accountable for the opioid epidemic. By this measure, it also could serve as an avenue for states hoping to recoup costs associated with the opioid epidemic by pinning the bill on big pharmaceutical companies. Essentially, this could change the entire dynamic of trials associated with the opioid crisis.

Attorneys and lawmakers, therefore, should pay particular attention to outcome of this case in the weeks ahead due to the historical precedent it could set. If Oklahoma’s strategy proves successful, be prepared to see multiple lawsuits arise in many other states targeting big pharmaceutical companies in a similar manner.

Starting on Jan. 1, 2020, Illinois residents and visitors over age 21 are allowed to purchase, possess, use, or transport cannabis for recreational purposes. Illinois’ legalization of recreational cannabis under state law will impact Illinois and Missouri employers because the drug will be more accessible to their employees.

In fact, the Cannabis Regulation and Tax Act (Cannabis Act) will directly impact Illinois employers’ responsibilities and liabilities when drug testing, disciplining or terminating employees because of the use or possession of cannabis.

Additionally, Illinois employers may be unable to refuse to hire or otherwise disadvantage any applicant or employee because of their off-duty use of cannabis. Under the Illinois Right to Privacy in the Workplace Act (IRPWA), employers are prohibited from discriminating against employees for off-duty use of lawful products. The Cannabis Act will generally make cannabis use legal under Illinois law, but it will remain illegal under federal law.  If IRPWA is deemed to apply to the use of state-lawful products, IRPWA would allow employees to bring a private right of action for damages and employers could be on the hook for statutory penalties, attorneys’ fees and costs. We will be following developments on this issue closely.

Further items to consider:

1. Implications of drug testing: Illinois employers need to beware that a positive drug test for cannabis is insufficient to have a good faith belief that an employee was under the influence of cannabis while at work because an employee may test positive for the drug several days or weeks after use. Instead, employers should rely on articulable symptoms, including but not limited to the employee’s speech, physical dexterity, agility, coordination, demeanor and unusual behavior.
2. Disciplining employees: Illinois employers must have a good faith belief that an employee was impaired by cannabis at the workplace or while performing their duties before disciplining or terminating employment. If an Illinois employer elects to discipline, then the employer must afford the employee a reasonable opportunity to contest the basis of the determination.
3. Employers regulated by USDOT and federal or state contractors: The act does not impact the prohibition on drug use and drug testing for these businesses.

While Missouri employers that have a drug-testing policy and practice can continue to follow that policy and enforce their disciplinary policies, this is a good time for both Illinois and Missouri employers to re-evaluate their disciplinary policies and procedures concerning cannabis use.

If you have questions about the Cannabis Act, developing disciplinary policies and implementing procedures for documenting symptoms that an employee is under the influence of cannabis use, please contact one of the attorneys in our Employment & Labor or Health Care groups.

Certain treatments for chronic conditions can now be covered by high deductible health plans (HDHPs) as preventive care before the deductible is met. Pursuant to an executive order, a new IRS notice will allow individuals with certain conditions, such as asthma or diabetes, to obtain coverage for treatments and medications, such as inhalers and insulin, without first meeting their high deductible.

HDHPs require covered individuals to pay all medical costs, except for preventive care, until the deductible is met. An individual must be covered by a HDHP and have no disqualifying health coverage to be eligible to use a health savings account.

In IRS Notice 2019-45, which was effective July 17, 2019, the Treasury Department and the Internal Revenue Service expanded the preventive care HDHPs may cover to include certain treatments for chronic illnesses. The IRS and Treasury used the following criteria to determine whether a treatment was preventive care:

• the medical service or item is low-cost;
• there is medical evidence supporting high cost efficiency of preventing exacerbation of the chronic condition or the development of a secondary condition; and
• there is a strong likelihood, documented by clinical evidence, that with respect to the class of individuals prescribed the item or service, the specific service or use of the item will prevent the exacerbation of the chronic condition or the development of a secondary condition that requires significantly higher cost treatments.

The appendix to the notice lists the following approved preventive care treatments:

The notice does not mandate that HDHPs cover the treatments as preventive care. Sponsors of HDHPs can choose whether they want to classify the treatments as preventive care that can be covered prior to an individual meeting his or her deductible.

This is Part 1 in a two-part series. Part 1 will focus on employee non-compete assignability in asset purchase transactions, and Part 2 will address stock purchase or merger transactions.

Health care employers such as medical groups or hospitals have a valuable stake in protecting their businesses interests by having covenants not to compete in place for important employees such as physicians. Whether these non-competes are assignable by a seller to a buyer can be an important consideration in structuring a business transaction involving the purchase of a health care business enterprise.

The parties to an asset purchase transaction must balance the tax and other advantages of an asset purchase with the more limited ability of the seller to assign to a buyer an employee covenant not to compete in an employment agreement without employee consent. The ability to assign such a contract is important in that it enables the buyer in a transaction the ability to enforce the non-compete against the employee in the event the employee declines employment or soon after closing leaves employment with the buyer.

Under Missouri law, if a contract is silent on the issue of assignability, it is usually assignable without consent unless it involves a personal services contract such as a physician employment agreement. A personal services contract involves a relationship of personal confidence between the employer and employee for the employee’s specialized knowledge or skills, such as those possessed by physicians. Thus, a contract for personal services in an asset purchase context requires both parties to consent to the assignment of the agreement, even if the document is silent on assignment. This can pose a potential risk to the ability to successfully close the transaction if the physician employees of a seller refuse to accept employment with the buyer or consent to an assignment of the contract and then enter into an employment relationship with a competitor.

An employee covenant not to compete, or non-compete, is generally an agreement by an employee not to compete with the business of the employer for a specified time frame within a defined geographic area. Missouri courts have narrowly construed the circumstances under which covenants not to compete are enforceable. Whether a physician or employee non-compete is otherwise enforceable, valid or has adequate consideration is outside the scope of this series of blog posts. To learn more about the enforceability of non-competes in general, please visit the Greensfelder SimplyHR blog sections on non-compete agreements and restrictive covenants.

Assuming that a particular non-compete is properly structured and validly established, the Missouri Supreme Court has not ruled on the issue of the assignability of a covenant not to compete in an asset purchase transaction. In Symphony Diagnostic Services No. 1, Inc. v. Greenbaum, 828 F.3d 643 (8^th Cir. 2016), the Eighth Circuit Court of Appeals predicted that, in an asset purchase, Missouri’s high court would allow assignment of a stand-alone non-compete without employee consent if such non-compete does not otherwise address the issue of assignment. If a stand-alone employee non-compete is not an ancillary part of a larger employment agreement, it will likely not be deemed a personal services contract under Missouri law. This is because a freestanding non-compete contract merely requires the employee to refrain from competing with the employer rather than requiring an affirmative action such as providing professional services in connection with a personal services contract. The Symphony court noted that the result may have been different had the assignment resulted in a material change in the obligations of the employee or if the employee agreed to the non-compete only because of an employer’s specific qualities. By contrast, a non-compete contained in a physician employment agreement would likely be considered a personal services contract that is not freely assignable without consent.

Interestingly, the court in Symphony indicated that it saw no reason to view the assignability of a non-compete differently in an asset purchase than with a stock purchase simply because the acquisition took the form of an asset sale rather than a sale of stock. In light of this statement, it will be interesting to see how the Missouri courts address the precise issue of assignability with an asset purchase in the future. Note that Part 1 of this blog series is limited to an analysis of employee non-compete assignability in asset purchase transactions; assignability of employee non-competes under Missouri law in a stock purchase or merger transaction will be the subject of Part 2 of this two-part series.

Due diligence is particularly important to make sure the contracts the buyer wants transferred can be assigned under Missouri law and whether there are any prohibitions on assignment or change of ownership or control in the language of these contracts. To retain flexibility and make sure a contract is assignable in the event of an asset purchase, employers should consider incorporating clauses in their employment contracts that specifically permit the employer to assign the contract — especially in the event of an asset sale or change in ownership or control. In the absence of this, the parties would need to expressly consent to the assignment of an employment agreement with a non-compete to a buyer. As a practical matter, however, our experience with health care asset purchase transactions is that the acquiring hospital or medical group usually wants to use its own physician contracts with new non-competes rather than accept or obtain consent to assignment of the seller’s physician employment agreements.

Where the laws of a state other than Missouri apply, the analysis must be tailored to each state, as the laws may vary on this issue. Each situation, assignment language, transaction and employment agreement is uniquely different with facts and circumstances that should be carefully analyzed by competent counsel.

The Office of Civil Rights (OCR) within the Department of Health and Human Services (HHS) has been able to hold “business associates” directly liable for certain HIPAA violations since 2009, with the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Under HIPAA, a “business associate” is an entity that receives protected health information (PHI) in order to provide services to a “covered entity” (such as a health care provider, a health plan, or a heath care clearinghouse).

The OCR’s enforcement tools include criminal charges as well as potentially substantial civil penalties. In 2016, for example, the OCR entered into a $650,000 settlement with the Catholic Health Care Services of the Archdiocese of Philadelphia. More recently, on May 23, 2019, the OCR reached a $100,000 settlement with Medical Informatics Engineering, Inc., another business associate, for HIPAA violations.

The day after the OCR’s most recent settlement, HHS released a Fact Sheet that lists the HIPAA violations for which a business associate may be directly liable to the OCR. Generally, business associates: (1) must completely comply with the HIPAA Security Rule; (2) must comply a significant portion of the HIPAA Privacy Rule; and (3) must report breaches of unsecured PHI to covered entities or other business associates under the HIPAA Breach Notification Rule.

More specifically, a business may be liable for:

• Failing to provide records and compliance reports to HHS.
• Failing to cooperate with complaint investigations and compliance reviews.
• Failing to give HHS access to information, including PHI, pertinent to determining compliance.
• Retaliating against any person for filing a HIPAA complaint, participating in an investigation or other enforcement process, or opposing an act or practice that violates HIPAA.
• Failing to comply with the requirements of the HIPAA Security Rule.
• Failing to notify a covered entity or another business associate of a breach.
• Impermissible uses and disclosures of PHI.
• Failing to disclose a copy of electronic PHI to either the covered entity, the individual, or the individual’s designee (whichever is specified in the business associate agreement) to satisfy a covered entity’s obligations regarding the form and format, and the time and manner of access.
• Failing to make reasonable efforts to limit PHI to the minimum necessary.
• Failing, in certain circumstances, to provide an accounting of disclosures.
• Failing to enter into business associate agreements with subcontractors that create or receive PHI on the business associate’s behalf, or failing to comply with the implementation specifications of such agreements.
• Failing to take reasonable steps to address a material breach or violation of a subcontractor’s business associate agreement.

For other HIPAA violations, the OCR may have limited authority to hold a business associate directly liable. For example, the Fact Sheet specifically notes that the “OCR lacks the authority to enforce the ‘reasonable, cost-based fee’ limitation in 45 C.F.R. § 164.524(c)(4) against business associates because the HITECH Act does not apply the fee limitation provision to business associates.” As a result, the OCR only has the authority to go after the covered entity for such violation, even though the business associate committed the violation.  

It is unclear if the OCR’s recent settlement and release of the Fact Sheet indicate that the OCR will be ramping up enforcement proceedings against business associates. But that is a possibility. As a result, business associates should be mindful of their potential liability, and covered entities should continue to monitor their business associates for HIPAA compliance.

There has been a lot of movement throughout the country on the state level to prevent patients from receiving surprise medical bills when they receive unanticipated care from out-of-network providers while seeking care from in-network providers. For example, in 2018, Missouri passed such legislation, which banned surprise medical bills for patients who are treated by an out-of-network physician at an in-network emergency room.

Now, there is also a bill pending in Congress called the STOP Surprise Medical Bills Act. It would not only protect patients from receiving surprise balance bills when they receive emergency care from an out-of-network facility or provider but also in the following situations:

1. receiving elective health care services from out-of-network providers at in-network facilities;
2. receiving health care services at an out-of-network facility following emergency care and not being able to travel to a different facility without medical transport; and
3. receiving out-of-network laboratory or imaging services ordered by an in-network provider at that provider’s office.

If this legislation passes, health care providers and/or health plans that violate these provisions would be subject to civil monetary penalties.

We recommend health care providers closely follow this bill as it makes its way through Congress. Future health care delivery is certainly leading to more transparency and price awareness by consumers.

The expansion of telehealth is changing the landscape of health care. This is the final installment in a four-part series exploring what providers should know about this growing area.

There are many business models and provider arrangements for the provision of telehealth. Given the regulatory climate and increasing use of telehealth by health care providers and patients, these business models and provider arrangements are continuing to change.

Health care providers should think about how telehealth is provided pursuant to the model and provider arrangements to ensure regulatory compliance, proper documentation, and the ability to receive reimbursement for the provision of telehealth. The following are just a few examples of telehealth models and provider arrangements:

• Chronic care management – Pain management clinic contracts with a physician practice group for chronic care management and follow-up services.
• Online patient access/portals/technical support – A sleep disorder center provides patients with online access to view results from the polysomnography (sleep study) and offers patients options regarding the treatment of sleep disorders.
• eHealth, mHealth, and medical apps – Self-tracking apps for diagnostics, care support, and monitoring that may include weight loss, smoking cessation, medication compliance, and durable medical equipment compliance.

Health care providers should carefully consider and monitor the structure of business models and provider arrangements so that the facility and health care providers are properly documenting the provision of the telehealth and receiving the correct reimbursement.  Health care providers should consider the following issues related to the provision of telehealth:

• Business terms and transactional considerations, including compensation;
• Intellectual property;
• FDA compliance;
• Data access;
• Scope of practice and licensure;
• Patient privacy and information security;
• Fraud and abuse concerns;
• Cybersecurity insurance;
• Reimbursement; and
• Regulatory compliance, including HIPAA and state privacy regulations.

As telehealth continues to grow, health care providers and patients will need to navigate telehealth requirements for licensing, scope of practice and reimbursement. Rapid changes in technology and health care delivery systems will continue to cause health care providers and patients to increase their use of telehealth. While there are many opportunities for health care providers to implement and use telehealth, they must continue to closely monitor the changing regulatory landscape to ensure compliance, receive reimbursement, and avoid potential pitfalls and exposure to liability.

Read the previous installments in our telehealth series here, here and here.