Whether or not explicit in the contract, all contracts have a mechanism for resolving disputes, the default being litigation. Left to their own devices, plaintiffs will select the forum most convenient and perceived to be most friendly to themselves that has jurisdiction over the parties and subject matter. The great majority of payer-provider contracts have some constraints over the law which may be applied, and/or provide for the use of an alternate mechanism for resolving disputes. This article takes a look beneath the hood of these contract provisions.

Businesspeople negotiating contracts are understandably focused on how the arrangement will function in the normal course – pricing, deliverables, term, etc. Less attention is paid to provisions that get handed off to the lawyers under an umbrella term like “general provisions.”  Put this under the category of provisions, like entire contract clauses, assignment provisions, indemnification provisions, compliance, record maintenance, governing law, notices, that really don’t matter to most businesspeople. That is, until they do.

Choice of Law

Even absent some alternate dispute resolution language, the party writing the contract will want to control to some extent where actions may be brought, and what laws will apply. A “Choice of Law” provision may look like the following:

“Choice of Law and venue. This Agreement shall be governed in all respects by the applicable laws and regulations of the State of New Jersey and/or federal law, as applicable, without regard to conflict of law principles, and any claim arising out of or relating to this Agreement shall be brought in the State or Federal courts of New Jersey.  The invalidity or unenforceability of any terms or provisions hereof shall in no way affect the validity or enforceability of any other term or provision.”

The county in which actions may be brought may be further defined.

An important consideration for a contract reviewer is the convenience or inconvenience of the named governing law and venue. A payer with locations in multiple states may well prefer a state in a location distant from the provider and its counsel. Depending upon the complexity and duration of the ensuing legislation, this could require distant travel by the provider’s officers and witnesses for appearances and depositions and battling time zones for status calls and other required teleconferences.

A good managed care contract lawyer can help negotiate changes up front, before the provision is triggered by a dispute.

Alternative Dispute Resolution

Anyone who has been involved in a civil lawsuit knows that years can pass between the time a plaintiff files a complaint and the time the dispute is resolved by a court judgment. Meeting all the requirements for pleadings, answers, counterclaims, cross-claims and other motion practice can be enormously expensive. In an effort to cut down on time and expense, many contracts permit or require alternative dispute resolution (ADR) methods, which are any nonjudicial method of resolving civil disputes. For example, parties usually first try to settle their disputes themselves by means of formal or informal negotiations (i.e., “out of court”). Mediation and arbitration are two other common forms of dispute resolution in payer-provider contracts.

Mediation is a process in which an impartial third party, known as a mediator, facilitates negotiations between the parties in an effort to create a mutually agreeable resolution of the dispute. If the parties are not able to resolve their dispute through mediation, they typically have the right to arbitration or civil litigation.

Arbitration is a process in which impartial third parties, known as arbitrators, evaluate the facts in dispute and render a decision that usually is binding on the parties. Appeals of arbitrators’ decisions are generally possible only if the arbitration was conducted improperly. Contracts often require that any disputes that arise between the contracting parties be resolved through arbitration rather than through civil litigation.

A threshold issue for anyone reviewing a provider contract is whether there should be a mediation and/or arbitration provision at all. State and federal rules of evidence, for example, do overlay time-consuming and expensive steps, but those steps also force discipline into the process and ensure thorough development of facts and sworn development of testimony.  Mediation and arbitration shortcut much of this development. Mediation is non-binding, but helps both parties understand the other’s positions and likely posture in any subsequent more-formal dispute resolution forum.

A “Dispute Resolution” provision may look like the following:

“Dispute Resolution. Payer will provide an internal mechanism under which Provider can raise issues, concerns, controversies or claims regarding the obligations of the Parties under this Agreement. If after at least 30 days following the date one party sent written notice of the dispute to the other party, the dispute is not resolved, and if any party wishes to pursue the dispute, it shall be submitted to mediation, and if unsuccessful, to binding arbitration in accordance with the rules of the American Arbitration Association (AAA). The arbitrator may award only compensatory damages for breach of contract, and is not empowered to award punitive, exemplary or extra-contractual damages.”

A few points of note:

  • Mediators and arbitrators are generally jointly agreed upon by the parties and a just outcome is very much reliant on the skill of the decisionmaker. Experience, judiciousness, and an ability to quickly grasp issues must be carefully considered when proposing or selecting among proposed arbitrators, and the authority of the provider to participate in the process must be clearly understood.
  • The parties should agree that any discussions and negotiations held will be treated as settlement negotiations and be inadmissible into evidence in any court proceeding. This should be made plain in the contract.
  • The contract could provide for a single arbitrator, except that claims over a threshold amount would be decided by a larger panel, for example, a panel of three arbitrators.
  • While mediation is non-binding, arbitration usually is.

Providers should strongly consider coordinating their payer contract reviews with counsel to ensure all of the provisions, which often start with the boilerplate of payer templates, protect their interests and work in the context of their own business models.

Healthcare entities that diligently monitor medical staff members and take timely actions to protect patients from substandard care are entitled to immunity from frivolous and retaliatory claims if the healthcare entity engaged in a good faith peer review pursuant to the Health Care Quality Improvement Act of 1986 (HCQIA). The HCQIA was enacted to encourage good faith peer review activities because healthcare entities, and medical staff members, are vulnerable to certain risks of liability when participating in peer reviews that adversely affect medical staff membership or clinical privileges.

The HCQIA established the National Practitioner Data Bank (NPDB) as a means of accumulating and disseminating information related to adverse peer review actions that impact clinical privileges. Adverse actions include reducing, restricting, suspending, revoking, or denying the clinical privileges of a physician or dentist.

Pursuant to the HCQIA, healthcare entities must report adverse actions in three situations. First, there is an obligation to report any “professional review action” that adversely affects clinical privileges for more than thirty days based on professional competence or conduct that impacts the health or welfare of a patient. Second, a healthcare entity must report a physician or dentist’s surrender of clinical privileges while under investigation for incompetence or improper professional conduct, or to avoid investigation. Third, healthcare entities must report any revisions to the above-referenced actions previously reported. 

In these instances, if the healthcare entity submitted a report, the HCQIA will provide immunity if the physician who was adversely affected files suit unless the report was false, and the healthcare entity knew it was false. To improve the quality of healthcare and protect patients, the immunity is given to encourage good faith peer review because a failure to report can result in a healthcare provider losing its immunity under the HCQIA for three years and/or becoming the subject of an investigation by the U.S. Department of Health and Human Services (HHS).

However, the immunity is not absolute and certain aspects of its application lack clarity. Most recently, the California Third District Court of Appeal provided some clarity by dismissing a case against a healthcare entity that properly filed a report with the NPDB when a surgeon, who resigned while under investigation (the second scenario listed above) filed suit against it. In Wisner v. Dignity Health, the healthcare entity filed a motion to dismiss because the complaint arose out of a protected activity under the HCQIA. The surgeon argued that he was not under investigation and that he resigned in good standing. Therefore, the case hinged on the term “investigation” because it was undefined by state and federal law. Relying on guidance published by HHS in the NPDB Guidebook, the court defined an investigation as the result of “a formal, targeted process” that “is used when issues related to a specific practitioner’s professional competence or conduct are identified” and that a “routine review of a particular practitioner is not an investigation.” In Wisner, the court found that the healthcare entity had engaged in a targeted review of a specific provider, the surgeon/plaintiff, and that it was a precursor to an adverse action against the surgeon’s clinical privileges. Therefore, the court held that the surgeon was under investigation and that his resignation triggered a duty to report him to the NPDB.

This case demonstrates the legal mechanism available to a healthcare entity for a good faith peer review reporting to the NPDB because of the protections afforded by the HCQIA. In other words, a good faith peer review report to the NPDB can dispose of frivolous and retaliatory claims.  Additionally, in highlighting a gap in the reporting requirements where the term “investigation” is undefined, hospitals should consider defining “investigation” in its medical staff bylaws. While the definition of “investigation” in the medical staff bylaws will not control the analysis, and is not a determinative factor, to the extent the term remains undefined – and inasmuch as the court sought guidance from another source – a definition in the bylaws could be the guidance the court uses to ultimately dismiss a case because the report is a protected action entitled to immunity. 

On January 5, 2023, Governor Phil Murphy signed into law an Act amending New Jersey’s Uniform Construction Code Act (UCC) to facilitate expedited construction inspections, as explained in this week’s Client Alert by attorneys in the firm’s real estate practice. Healthcare entities undertaking construction projects for new or renovated facilities in New Jersey should be aware of these UCC amendments, which seek to remedy the existing lack of strict timeframes requiring public construction officials to respond promptly to construction inspection requests by providing the option to utilize an authorized private inspection company upon implementation of the Act.

In a case of first impression, the Superior Court of New Jersey in Atlantic Plastic & Hand Surgery, P.A. v. Ralling held that a parent who is the named insurance policyholder is not liable for unreimbursed medical expenses incurred by an emancipated child who is a covered “adult child” dependent pursuant to the Patient Protection and Affordable Care Act (ACA) and may not be considered a guarantor under the Statute of Frauds without the requisite written instrument. This decision was made in a summary judgment ruling on November 16, 2021, with the opinion approved for publication on December 9, 2022.

Section 300gg-14 of the ACA requires that individual and group insurance plans that provide “dependent coverage of children . . . continue to make such coverage available for an adult child until the child turns 26 years of age.” Before the ACA, many health plans and insurers could, and did, remove young adults from their parents’ policies because of their age, leaving many college graduates and others with no insurance. Since its enactment in March 2010, there has been limited judicial consideration of this section of the ACA. The implementing federal regulation makes it clear that an insurer may not define eligibility for dependency by factors other than the relationship between the child and the subscriber.

The pertinent facts of Atlantic were that in October 2017, 24-year-old William Ralling sustained significant facial, elbow, and hand injuries in a skateboarding accident. He was taken to the emergency room at Riverview Hospital. His mother joined him and was present for the examination by Dr. Risin, a surgeon with Atlantic Plastic & Hand Surgery, P.A.  Dr. Risin informed William and his mother that he was an out-of-network provider in their health insurance plan. During the conversation, the mother commented that they had insurance and that Dr. Risin should take care of William. In the ensuing litigation, Dr. Risin took the position that he understood that comment to be a guarantee of payment by the parent for any unreimbursed expenses.

Atlantic submitted a claim with the insurer for $50,626.38 as its usual and customary charges for the services rendered to William. The insurer, however, only paid $1,423.29 with a check payable to the parent policyholder, which was forwarded to the medical practice. After attempts to negotiate a resolution for the remaining balance of $49,202.47, a lawsuit was commenced against William and his parents. The complaint set forth theories of breach of contract, book account, unjust enrichment, and quantum meruit.

The defendants contended that to the extent that the mother’s comments in the emergency room constituted a guarantee of William’s unreimbursed medical expenses, such a claim was barred by the Statute of Frauds. The court described the issue of whether a family member’s oral guaranty of payment can be enforceable where the promisor has no pecuniary interest as also being a question of first impression. The opinion provides an extended review and analysis of the Statute of Frauds going back to its modeling after the English Parliament in 1677 and its evolution through case law and statutory amendments. It found that the presence of some pecuniary interest on the part of the putative guarantor—triggering the “leading object” exception—was a recurring requirement in the statutes and case law. The court found that the only thing William’s mother had to gain was the non-financial parental benefit of a child receiving care for facial injuries. Thus, the court concluded that the oral promise supported by familial bonds does not satisfy the Statute of Frauds’ exception to the requirement of a writing and, accordingly, the claim was unenforceable.

Turning to the other issue of first impression concerning policyholder liability, the court began its analysis with the observation that as of his 18th birthday, William was an adult. It also observed that there was no dispute that William was emancipated and had the ability to contract for care in his own right. In a footnote, the court declined to “wade into the waters” of what result would occur where a child’s parents were not married, the child was not emancipated, or where the parental obligation to provide for the child’s basic necessities was apportioned by a court through an order or a consensual agreement between the parents.

The court recognized that the pertinent provision of the ACA “imposes no obligation on a policyholder, but merely mandates that the insurer make the specified coverage available.” Also, the ACA is silent as to the imposition of financial obligations on parental policyholders for unreimbursed medical expenses provided to an adult child at the request of and with the parents’ approval. In the absence of a viable guaranty, the court held that there was no authority supporting the theory of liability against the parents. It noted that Atlantic cited no supporting authority, and the court’s own research did not find any. In fact, the only published opinion that could be found was the New York Supreme Court’s 2019 decision in Westchester County Health Care Corp. v. Ceus, which in construing the ACA similarly rejected the providers’ claims of an obligation on the parental policyholder.

The grant of summary judgment as to the Atlantic complaint was only as to the parents. Summary judgment in favor of William was denied. Following arbitration proceedings, the case against William was settled.

As discussed in this prior blog post, beginning in 2018 the U.S. Department of Health and Human Services (HHS) reduced reimbursement rates for Medicare prescription drugs to 340B hospitals by nearly thirty percent. The American Hospital Association (AHA) filed suit, and on June 15, 2022 the U.S. Supreme Court ruled that the cuts imposed by HHS, without conducting a survey of the hospitals’ acquisition costs, exceeded the agency’s authority and remanded the matter to the U.S. District Court for further proceedings.

Upon remand, District Court Judge Rudolph Contreras ruled that HHS must reimburse 340B hospitals at the default rate of average sale price plus six percent for the remainder of 2022.  And, when CMS published its Calendar Year 2023 OPPS Final Rule it provided reimbursement to 340B hospitals at a rate of average sale price plus six percent. However, what has remained a question is how the 340B hospitals would be made whole for the past underpayments beginning in 2018. This question has yet to be decided.

This issue was recently before the District Court, where the AHA argued that the only rational result would be for the Court to award the hospitals the difference between what they were paid and the average sale price plus six percent they were entitled to. Unfortunately for providers, Judge Contreras rejected the AHA’s position, finding that the proper course of action was to remand the matter to the agency to determine in the first instance what it believes to be the appropriate remedy. While Judge Contreras noted that the AHA could seek additional judicial review if it was dissatisfied with the agency’s selection of a remedy, this decision means additional delay should the agency fail to propose a reasonable approach to return the money owed to providers in a timely manner.

It is anticipated that HHS will propose a remedy in April 2023. While it is difficult to predict what remedy the agency will propose, the AHA is hoping the proposed remedy does not take budget neutrality into account. If the agency were to take such an approach, non-340B hospitals would almost certainly be negatively impacted by the decision resulting in a classic “rob Peter to pay Paul” scenario and almost guaranteeing to trigger more litigation.

As discussed in this week’s Client Alert by our partner Alan S. Pralgever, New Jersey Governor Phil Murphy recently signed into law a bill (A-4768) that sets April 10, 2023, as the new effective date for long awaited amendments to the NJ WARN Act. These changes have far-reaching implications for New Jersey employers, including those in the healthcare industry, concerning items such as notice and severance to be provided to employees in instances of mass layoffs or the termination or transfer of business operations.

This most recent change to the employment landscape per the NJ WARN Act comes on the heels of New Jersey Senate Bill No. 315, which went into effect on November 10, 2022 and created new employment protections for eligible employees of certain private healthcare entities that experience what is referred to as a “change in control.” The law applies to hospitals, healthcare and treatment centers, rehabilitation centers, nursing homes, outpatient clinics, dispensaries, residential healthcare facilities, and any other healthcare entities licensed under N.J.S.A. 26:2H-1 et seq. Moreover, the law requires notice be given to the eligible employees of the “change in control” and that all eligible employees be informed of their rights under the law. It also restricts the ability of the buyer to terminate employees and requires them to provide evaluations and documentation of employment decisions to help protect eligible employees from termination.

Healthcare entities experiencing a significant reduction in workforce, changes in business operations, or other events that could be considered a “change in control” should carefully consider these new laws and seek legal guidance before taking action to avoid the potential penalties and legal ramifications of non-compliance.

The Supreme Court of South Carolina has ruled that the state constitutional protection against “unreasonable invasions of privacy” includes a woman’s right to choose an abortion. In Planned Parenthood South Atlantic v. State of Carolina, the Court found that the Fetal Heartbeat and Protection Act violated Article I, Section 10, of the South Carolina Constitution. Enacted in 2021, the effect of the Act was to ban abortions after six weeks gestation by requiring physicians to scan for “cardiac activity” prior to allowing the right to choose an abortion. If cardiac activity was detected an abortion was prohibited. The Act provided exceptions in the circumstances of rape, incest, health of the woman, or fetal anomalies in which a pregnancy could be terminated at a later point in the gestation.

The opinion of the Court, which was authored by Justice Kaye Gorenflo Hearn (the only woman among the justices) had the support of two other justices. The five-member Supreme Court published five separate opinions with two concurrences and two dissents.

Justice Hearn’s opinion rejected the argument that because the “unreasonable invasions of privacy” was included in a provision first mentioning protection against “unreasonable searches and seizures,” the right was limited to criminal proceedings and made no mention of medical care or personal autonomy. In reaching this decision, the Court reviewed the evolution of the right of privacy stemming from an 1890 article published in the Harvard Law Review that was co-authored by the late Justice Louis Brandeis. Special attention was paid to the 1965 decision in Griswold v. Connecticut in which the Supreme Court of the United States (SCOTUS) recognized that a ban on contraceptives violated the right of marital privacy. The South Carolina Constitution was amended in 1971 to add the provision regarding “unreasonable invasions of privacy” “only six years after Griswold” and there was “no doubt that the authors of this provision were aware of Griswold and its use of the right to privacy.”

In Roe v. Wade, the SCOTUS ruled that the constitutional right of privacy extended to a woman’s decision to terminate a first trimester pregnancy. Regarding the recent overruling of Roe in Dobbs v. Jackson Women’s Services, the South Carolina court stated: “A critical part of the Dobbs Court’s justification for overruling Roe was that Roe ‘held that the abortion right, which is not mentioned in the Constitution, is part of the right to privacy, which is also not mentioned.’” Accordingly, Dobbs did not control “nor even shed light on” a decision concerning the South Carolina Constitution with its explicit inclusion of a right to privacy.

Examining the jurisprudence under South Carolina’s Constitution, the Court found that there were precedents that had held certain governmentally directed medical interventions were intrusions upon a person’s right to be secure from unreasonable invasions of privacy. However, before applying the implications of such precedents to the circumstances of a decision to terminate a pregnancy, the South Carolina Supreme Court surveyed decisions in other states with similar constitutional provisions regarding privacy. It identified ten states including South Carolina that had a specific reference to privacy in their constitutions. Not all of these had addressed whether the right to privacy applied to abortion. Five jurisdictions concluded that there was a fundamental interest in the decision to terminate a pregnancy within the scope of protected privacy. In addition to Alaska, Florida, Minnesota, Montana, and Tennessee, Washington ruled that its explicit privacy right protected “autonomous decision-making” especially regarding marriage, procreation, family relationship, child rearing, and education.

Because a fundamental right was implicated, the Court employed the standard of strict scrutiny to evaluate whether the statute violated the Constitution. It identified three interests that supported the statutory restriction on abortion: (1) the State’s interest in fetal health; (2) the State’s interest in protecting maternal health; and (3) the unborn fetus’s interest. In evaluating each of these interests, the Court paid particular attention to the maternal health interest and the legislature’s emphasis on the importance of a fetal heartbeat in a woman making an “informed choice about whether to continue a pregnancy.” It referred to the scientific literature indicating that women typically were not aware of being pregnant until around six weeks and that this was precisely the point at which the Act banned the procedure. Given the realities of learning of the pregnancy, considering her options, attempting to schedule an appointment, and complying with the statutorily mandated waiting period, “in reality, there is no ‘choice’ at all.” The interests of the fetus at this stage of the pregnancy before viability cannot displace the pregnant woman’s interest at this early stage.

While the State has an interest in fetal life and in providing women with vital medical information about their pregnancy such as the presence of a fetal heartbeat, the Court concluded that the Act’s six-week ban did not serve those interests because the Act subjected women to the ban on abortion before they even had sufficient information to make an informed choice.  Specifically, the Court wrote:

The State unquestionably has the authority to limit the right of privacy that protects women from state interference with her decision, but any such limitation must be reasonable and it must be meaningful in that the time frames imposed must afford a woman sufficient time to determine she is pregnant and to take reasonable steps to terminate that pregnancy. Six weeks is, quite simply, not a reasonable period of time for these two things to occur, and therefore the Act violates our state Constitution’s prohibition against unreasonable invasions of privacy.

While joining in Justice Hearn’s opinion regarding the violation of the privacy provision, Chief Justice Beatty set forth in his concurring opinion that the Act also denied state constitutional rights of equal protection, procedural due process, and substantive due process. The challengers to the Act had raised all these contentions. In Justice Few’s concurrence, he agreed that the Act violated the prohibition of “unreasonable invasions of privacy,” but disagreed with the analysis of the other two justices in the majority with an extended discussion of the differences in approach.

Of the two dissenting opinions, the one written by Justice Kittredge was joined by Justice James. However, the remaining dissent was solely the view of its author Justice James. In confining the scope of the privacy protection of the South Carolina Constitution, the dissenters relied on the intent of the framers of the amendment to limit its scope of searches and seizures and the proposition that abortion was different from the widely accepted general right to privacy because of the presence of the unborn child.

In contrast to the South Carolina constitution, the New Jersey Constitution of 1947 does not have an explicit reference to privacy. However, the provisions of Article I, Paragraph 1 have been judicially construed to include a right to privacy. The text of that provision reads:

All persons are by nature free and independent, and have certain natural and unalienable rights, among which are those of enjoying and defending life and liberty, of acquiring, possessing, and protecting property, and of pursuing and obtain safety and happiness.  

In Right to Choose v. Byrne, the New Jersey Supreme Court recognized “the fundamental right of a woman to control her body and destiny.” It characterized that right as encompassing the intensely personal decision to terminate a pregnancy as one that should be made by a woman without undue government interference. The New Jersey Supreme Court expanded upon its ruling in Byrne regarding the denial of equal protection resulting from the denial of Medicaid funding with its decision in Planned Parenthood of New Jersey v. Farmer. It specifically stated that the language in the New Jersey Constitution was more expansive than the United States Constitution and “incorporates within its terms the right of privacy and its concomitant rights, including a woman’s right to make certain fundamental choices.” Accordingly, it held that New Jersey’s constitutional guarantee of equal protection was violated by the statutory classification requiring parents of a pregnant minor to be notified before an abortion could be performed, but there was no such requirement for a pregnant minor seeking other medical care for her pregnancy or her child.

Chief Justice Beatty cited the New Jersey precedent in Right to Choose v. Byrne in his concurring opinion. The recognition of a right of privacy being embodied in Article I, Paragraph 1 of the New Jersey Constitution is of significant vintage. It can be found in the 1976 opinion of In re Quinlan and even earlier under the identical provision of the Constitution of 1844 in McGovern v. Van Riper decided in 1945. While the opinion of the Court of Errors and Appeals referred to the constitutional provisions, it did not specifically mention a right of privacy. The opinion of the Chancery Court, however, was more expansive in its language:

It is now well settled that the right of privacy having its origin in natural law, is immutable and absolute, and transcends the power of any authority to change or abolish it. … It is one of the “natural and inalienable rights” recognized in article 1, section 1 of the constitution of this state.  More recently in response to Dobbs, the Legislature passed, and the Governor signed, two statutes to limit the impact of that decision. These laws provide protection to individuals who visit New Jersey seeking reproductive healthcare services as well as to the medical providers who provide them with care in New Jersey. These were the subject of a prior posting on this blog.

As reported this past week by GovInfoSecurity, the Consolidated Appropriations Act of 2023, signed into law in late December 2022, included a key provision to help ensure the cybersecurity of medical devices by their manufacturers. GovInfoSecurity interviewed Dr. Suzanne Schwartz, director of the FDA’s Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, about this new piece of legislation.

As stated in the Act, any medical device that meets the definition of a “cyber device” under the Federal Food, Drug, and Cosmetic Act must meet specifically enumerated cybersecurity requirements. Specifically, any sponsor of an application or submission shall:

  1. submit to the Secretary a plan to monitor, identify, and address, as appropriate, in a reasonable time, postmarket cybersecurity vulnerabilities and exploits, including coordinated vulnerability disclosure and related procedures;
  2. design, develop, and maintain processes and procedures to provide a reasonable assurance that the device and related systems are cybersecure, and make available postmarket updates and patches to the device and related systems to address:
    • on a reasonably justified regular cycle, known unacceptable vulnerabilities; and
    • as soon as possible out of cycle, critical vulnerabilities that could cause uncontrolled risks;
  3. provide to the Secretary a software bill of materials, including commercial, open-source, and off-the-shelf software components; and
  4. comply with such other requirements as the Secretary may require through regulation to demonstrate reasonable assurance that the device and related systems are cybersecure.

A cyber device is defined as one that “(1) includes software validated, installed, or authorized by the sponsor as a device or in a device; (2) has the ability to connect to the internet; and (3) contains any such technological characteristics validated, installed, or authorized by the sponsor that could be vulnerable to cybersecurity threats.

Not later than 180 days after enactment of this Act, the FDA must issue premarket guidance for FDA staff and the medical device industry, in addition to publishing a report identifying challenges to implementing cybersecurity for current and legacy medical devices within the next year.

The Act provides the FDA with $5 million of funding for the development of policies, procedures, and enforcement efforts.

On January 5, the Federal Trade Commission (FTC) issued an extremely broad Notice of Proposed Rulemaking which, if adopted in its current form, would prohibit nearly all private employers from entering into or enforcing non-compete agreements with their employees. In this Client Alert, our partner Thomas C. Senter outlines key provisions of the proposed rule, including the circumstances under which it would supersede any state laws related to non-compete agreements, New Jersey-specific considerations, and how limited exceptions to the rule in its current form might impact both non-profit and for-profit healthcare sector employers.  

The COVID-19 pandemic created a paradigm shift in the world of telehealth and telemedicine by presenting challenges and opportunities to expand the delivery methods used to access healthcare.  With the continued advancement of the technology behind it, telemedicine offered opportunities for healthcare practitioners to practice medicine across state lines when the patient was in a different state – further increasing access to healthcare services while the country was in quarantine. Recognizing an increased need for the use of telehealth and digital platforms, the federal government temporarily relaxed many federal regulations concerning telehealth. The HHS Office of Inspector General’s website states that “the use of telehealth increased dramatically during the first year of the pandemic” and that Medicare beneficiaries used “88 times more telehealth services during the first year of the pandemic than they did in the prior year.” This dynamic presented challenges for healthcare practitioners licensed to practice in their own state but not in the patient’s state, forcing them to understand the potentially limiting interplay of state laws across state lines.

Telehealth is the use of digital technologies to access healthcare services outside the traditional, in-person medical settings. More specifically, telemedicine refers to the remote clinical services while telehealth also includes non-clinical healthcare services. The state where the healthcare practitioner is located is referred to as the “home state”; the state where the patient is located is the “remote state”. 

As the last few years have unfolded, telehealth – which was once limited by the federal government to only Medicare, Medicaid, and other beneficiaries receiving federal healthcare benefits who were residing in rural areas – has become an integral part of the post-pandemic world. It remains a moving target, however, especially given the temporary expansions put in place by the federal government and many states across the country. Accordingly, telehealth providers must continue to monitor developments in federal and state laws, regulations, and policies to not only capitalize on telehealth opportunities, but also to ensure compliance – especially with licensing requirements to avoid sanctions for the unlicensed practice of medicine – and to maintain the quality of healthcare. 

The Tenth Amendment of the United State Constitution grants each state the power to control licensure. As such, when a healthcare practitioner provides medical advice via an online telemedicine platform to a patient residing in a remote state, the laws of the remote state govern.  Therefore, to treat a patient in a remote state, the healthcare practitioner must, in almost all situations, have a license to practice in that state and will be subject to the laws governing that remote state. 

To prevent licensure from being a significant roadblock to telemedicine, the Federation of State Medical Boards (the Federation) streamlined the process to make it easier for healthcare practitioners to treat patients in remote states. It developed the Interstate Medical Licensure Compact (IMLC) to qualify healthcare practitioners to practice medicine across state lines as long as they meet certain eligibility requirements. By creating a fast-track option to complete one application, the healthcare practitioner receives licenses from multiple states included in the IMLC and will be able to fully practice medicine in whichever remote state they obtain a license from.  Indeed, the healthcare practitioner will remain subject to each remote state’s medical laws as the IMLC will not supersede any state’s law. Currently, thirty-two states, the District of Columbia, and Guam have entered the IMLC. New Jersey enacted and entered it on March 5, 2020.

The Federation also created a Model Policy for Appropriate Use of Telemedicine Technologies in the Practice of Medicine. Although it is not law, many states have adopted some, if not all, of the policies as their own telemedicine law. At a baseline, the Federation’s Model Telemedicine Policy requires a physician-patient relationship to provide telehealth services and the patient must have consented to the diagnosis and/or treatment irrespective of whether the initial encounter is in-person. 

Those states which have adopted the Federation’s Model Telemedicine Policy face an interesting wrinkle when a healthcare practitioner treats a patient in a remote state if there is not a pre-existing physician-patient relationship.  In this scenario, to establish the physician-patient relationship, the healthcare practitioner virtually treating a patient in a remote state must:

  • Verify and authenticate the patient’s location and identity;
  • Disclose and validate the identity of a remote provider if the healthcare practitioner is assisted by a provider in the remote state;
  • Disclose the benefits and limitations of telemedicine consultation prior to obtaining appropriate consent; and
  • Ensure the patient knows the identity of the healthcare practitioner.

Provided the healthcare practitioner is appropriately licensed in both the home state and the remote state, the healthcare practitioner is expected to practice informed consent and use the same standard of care as one would during an in-person visit.  Additionally, the healthcare practitioner is expected to maintain accurate medical records, respect the patient’s privacy of those records, keep the exchange of information confidential, and otherwise abide by the laws and ethical responsibilities of both states. This could form the basis for various other sanctions pursuant to state and federal laws.

Given the evolution of telemedicine, healthcare practitioners providing telemedicine should consider how it is regulated not only nationally, but also from state to state, to avoid the unlicensed practice of medicine. The most critical considerations should always be establishing a patient-physician relationship and obtaining informed consent to avoid the potential for any grievances filed against the healthcare practitioner. Moreover, careful review and consideration of all applicable state and federal laws is important to ensuring a healthcare provider does not run afoul of a unique legal requirement, especially given the interplay between state and federal laws, in addition to potential limitations in payor agreements.