In August 2022, President Biden signed into law the Inflation Reduction Act. The Act’s key provisions include the ability of the federal government to negotiate certain prescription drug pricing. Specifically, the law created a program that allows the federal government to negotiate prices for a limited number of high-cost single-source drugs (lacking generic and/or biosimilar substitutions). The Secretary of the Department of Health and Human Services (HHS) will have the ability to choose a list of 50 pharmacy drugs and 50 drugs administered at a physician’s office that will be priced in accordance with this new methodology. 

By September 1, 2023, the Centers for Medicare and Medicaid Services (CMS) must publish the highest cost drugs for negotiation. While the effective date for this first round of drugs is not until CY2026, in CY2023 a total of 10 drugs will be selected from the Medicare Part D program.

In this recent article published by Reuters entitled Bristol Myers, Pfizer, AbbVie Drugs Likely to Face U.S. Price Negotiation, the authors discuss some of the drugs anticipated to be on this initial list and the efforts being made by the industry to better understand how this new pricing system will be implemented.

On March 9, 2023, the New Jersey State Board of Medical Examiners filed an Order and statement of reasons for denying reinstatement of a physician’s medical license that had been previously revoked but with a right to apply for reinstatement. The denial was based on the Board’s conclusion that N.J.S.A. 45:1-15.9 barred reinstatement because of the physician’s prior conviction of criminal sexual contact that had led to the revocation in the first place.

This is the first known application of the statute that became effective in 2022 and will present a case of first impression if the matter proceeds further to the Appellate Division.

The physician’s license had been revoked on January 29, 2017 after earlier proceedings in 2015 temporarily suspending the license pending a plenary hearing. The Board’s disciplinary action arose out of an arrest for criminal sexual contact that allegedly occurred during two office visits with a patient undergoing a neurological examination.  Although the presenting complaint involved a right wrist drop, the physician’s examination included touching the patient’s breasts, her abdomen, thighs, and buttocks as well as exposure of her vaginal area from different angles.

Relying on the Board’s sexual misconduct regulation in N.J.A.C. 13:35-6.3, the Board concluded that the evidential record “palpably demonstrates a clear and imminent danger to the public” from the physician’s continued practice pending final disposition of the Attorney General’s complaint.  It rejected the defense’s argument that a temporary suspension was not warranted because no indictment had yet been returned.

The plenary disposition of the matter was achieved with the Consent Order that was entered on January 29, 2017. By that time, the physician had entered guilty pleas to criminal sexual contact in violation of N.J.S.A. 2C:14-3b. In ordering the revocation, the Board found that the charged conduct demonstrated gross and repeated acts of negligence, professional misconduct, sexual misconduct and acts constituting crimes of moral turpitude and crimes which relate adversely to the practice of medicine, satisfying several statutory grounds set out in N.J.S.A. 45:1-21. The Board’s Order further provided that the physician could not apply for a license in New Jersey until five years had elapsed from the entry of the temporary suspension order in 2015. It also required him to successfully complete courses on medical ethics and boundaries, undergo a psycho-sexual evaluation with follow-through on any treatment recommendation, and to appear before a committee of the Board to demonstrate fitness and competence to resume the practice of medicine.

An application for reinstatement was submitted in 2022 along with supportive documentation from the Board-designated evaluators concerning the physician’s readiness and fitness to resume practice.

On January 10, 2022, Governor Murphy signed Public Law 2021, Chapter 345 into law.  Codified as N.J.S.A. 45:1-15.9, this legislation set out a new provision regarding grounds for refusal to issue, renew, or reinstate licenses or certifications of healthcare professionals. Under this statute, the Board of Medical Examiners and other licensing bodies regulating healthcare professions or occupations:

shall not issue an initial license, certification or registration, or renew, reinstate or reactivate a license, certification or registration unless the entity has first determined that no criminal history record or record with the National Practitioner Data Bank exists demonstrating that an applicant for a license, certification, or registration in a health care profession or occupation has been convicted of sexual assault, criminal sexual contact or lewdness pursuant to endangering the welfare of a child, … attempting to lure or entice a child [contrary to a series of specifically identified New Jersey statutes including N.J.S.A. 2C:14-3] or equivalent offenses in another jurisdiction. [(Emphasis added).]

The Board rebuffed the contention that the physician had provided evidence of his rehabilitation and that he did not present a risk to the public. It construed the statute as depriving the Board of any discretion in making the licensure decision in circumstances encompassed by the statute.

Most fundamentally, the Board rejected the argument that the statute should be applied only to convictions that might occur after its January 10, 2022 effective date.  It saw no distinction between crimes that occurred before January 10, 2022 and those that might occur after that date. While nothing in the text explicitly required this retroactive application, the Board determined that the legislative intent could be found in statements submitted by the Senate Commerce Committee and the Assembly Regulated Professions Committee during consideration of the bill. The stated purpose of the bill was to bar certain convicted sex offenders who had engaged in “prior criminal conduct” from participation in regulated health occupations, in part, because of the risk of recidivism. The Legislature disavowed an intent to use the statute as a punitive measure but rather as protection of the public given the trust that arises from the implicit imprimatur of state licensure.

Going forward it will be necessary to reconcile the statute with provisions of N.J.S.A 45:1-21.5 which creates a presumption of disqualification for licensure from a conviction of murder or resulting in sex offender status but gives the professional licensing boards discretion to issue the license. Moreover, the Board is going to have to deal with biennial renewals submitted by physicians who have a disciplinary history including incidents of sexual misconduct fitting into the several categories of disqualifying offenses in N.J.S.A. 45:1-15.9.  Even when the discipline was not as severe as revocation, the statute bars even a renewal of a medical license.

Legislation requiring permanent revocation of a physician’s medical license when the physician has been convicted of a sex offense or ordered to register as a sex offender has been enacted in several states, including California, Illinois, Ohio, Tennessee, and Texas. In 2014, the Illinois Supreme Court upheld the constitutionality of the requirement of revocation based on convictions predating the effective date of the statute. The United States Supreme Court declined to review the case.

In light of the New Jersey Appellate Division’s recent decision in County of Passaic v. Horizon Healthcare Services affirming the validity of a commercial arbitration agreement that did not contain a jury waiver, contracting entities including those in the healthcare sector need to approach language differently depending on whether they are dealing with a consumer or employment agreement or an arm’s-length commercial contract. Greenbaum partners Robert B. Hille and John W. Kaveney analyze the impact of the February 8, 2023 Appellate ruling in this commentary published by the New Jersey Law Journal.

The NJ BPU’s new Competitive Solicitation Incentive (CSI) Program, mandated by the New Jersey Solar Act of 2021, is available to qualifying grid supply projects, with or without energy storage, and net-metering installations in excess of 5 MWs. The deadline to submit applications to earn solar renewable energy certificates under the program is March 31, 2023. This Client Alert by our partner Barbara J. Koonz provides an overview of this new incentive opportunity and other related details.

In the wake of the New Jersey Supreme Court’s 2017 decision in Allstate Insurance Company v. Northfield Medical Center, P.C., management services organizations (MSOs), physicians, private equity funds, and practicing healthcare attorneys should keep the following “do’s and don’ts” in mind when structuring their MSO arrangements to comply with New Jersey corporate practice of medicine (CPOM) rules:

Do’sDon’ts
Allocate the majority of shares and/or voting rights in the medical practice to the plenary licensed physician-owner(s)Allocate more than a minority of shares or voting rights to any limited licensed professionals and never to an unlicensed individual
Require the physician-owner(s) to contribute start-up capital to the medical practiceThe management contract should not contain a provision allowing the termination and replacement of the physician-owner in the event of a conflict of interest between proper medical judgment and cost-containment
Clearly delineate the roles between the physician-owner’s clinical activities and the management company’s administrative activitiesPay all remaining medical practice profits after expenses to the management company in exchange for the provision of management services, leased space, and leased equipment
Physician-owner(s) should participate in or oversee day-to-day patient care and supervision of clinical personnelRequire the physician-owner of the medical practice to pre-sign undated documents or certificates which permit physician’s removal from the practice
Physician-owner(s) should retain the right to terminate the management contractIncorporate a “break fee” in the management agreement, space rental, or equipment lease which is intended to penalize the medical practice’s physician-owner for breaking the management agreement or lease
The medical practice must pay fair market value for management servicesA management company should not make above-market loans to a medical practice
Monies earned from the provision of patient services should be kept within the medical practice and used to pay salaries, bills, and other medical practice expensesIf possible, a medical practice should not contract with the management company that also leases space and equipment to the medical practice

By following these simple do’s and don’ts the ownership, control, and direction of a medical practice will stay in the hands of the plenary licensed physician-owner, giving the MSO structure the greatest chance of being upheld by a court if ever challenged.

Healthcare employers are among the many members of New Jersey’s business sector who will be impacted by the newly-signed Temporary Workers’ Bill of Rights, which requires temporary workers to be paid the same average compensation rates (or cash equivalent) that is paid to permanent employers. This requirement, and other implications of the bill signed into law by Governor Murphy on February 6, are discussed in this Client Alert by Greenbaum associate Mitchell J. Horner on behalf of the firm’s Employment Law Department.

On February 10, 2023, the United States National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of Health and Human Services (HHS), the Republic of Korea (ROK) National Intelligence Service (NIS), and the ROK Defense Security Agency (DSA) issued a joint Cybersecurity Advisory (CSA) to highlight ongoing ransomware activity against healthcare and public health sector organizations and other critical infrastructure sector entities.

Given the multi-national involvement in this CSA, healthcare organizations should take particular note of the importance of its contents.

The intent of the CSA is to supplement prior reports on actions of the Democratic People’s Republic of Korea (DPRK), namely Maui and H0lyGh0st ransomware. The CSA highlights additional observed tactics, techniques, and procedures by DPRK cyber actors suspected to be targeting South Korean and U.S. healthcare systems.

Included in the CSA are a list of potential tactics, techniques, and procedures observed in ransomware efforts, including efforts to:

  • acquire infrastructure;
  • obfuscate identities;
  • purchase VPNs and VPSs; and
  • expose vulnerabilities to gain access.

The CSA also offers a list of mitigations to help protect an organization. Many of these should already be in place, but if not should be considered by an organization with urgency:

  • Limit access to data by authenticating and encrypting connections with network services, Internet of Things (IoT) medical devices, and the electronic health record system
  • Implement the principle of least privilege by using standard user accounts on internal systems instead of administrative accounts, which grant excessive system administration privileges
  • Turn off weak or unnecessary network device management interfaces and secure with strong passwords and encryption when enabled
  • Protect stored data by masking the permanent account number when displayed and rendering it unreadable when stored
  • Secure the collection, storage, and processing practices for personally identifiable information (PII)/protected health information (PHI)
  • Secure PII/ PHI at collection points and encrypt the data at rest and in transit using technologies. Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available.
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise

The CSA concludes by outlining a list of actions to prepare for potential ransomware attacks, including the following:

  • Maintaining isolated backups of data, and regularly testing the backup and restoration
  • Creating, maintaining, and exercising a basic cyber incident response plan
  • Installing software updates as soon as they are released
  • Implementing user training programs
  • Requiring strong passwords
  • Auditing user accounts
  • Installing and regularly updating anti-virus and anti-malware software

Organizational leadership and IT professionals within healthcare organizations should be aware of this CSA and its contents to ensure all possible protective actions have been taken. Continued and persistent vigilance is critical as these cyberattacks seem to only be getting more frequent and more sophisticated in their efforts.

Case in point: On February 15, 2023, it was reported that Community Health Systems, a large Tennessee-based healthcare organization with close to 80 hospitals in 16 states, confirmed that criminal hackers accessed the personal and protected health information of up to 1 million patients. While this breach appears to have been the work of a Russia-linked ransomware group, it serves to highlight how these risks can impact even the largest and most sophisticated organizations. Thus, continued vigilance is critical.

With New Jersey annually ranked as having one of the highest average effective tax rates in the country, NJ-based healthcare entities are impacted by high property taxes across the state, notwithstanding the tax-exempt status of certain hospitals and satellite emergency care facilities pursuant to New Jersey statute. Please join us on Wednesday, March 1 at 12:00pm for a 30-minute lunchtime webinar which will provide an overview of seven things that need to be considered when contemplating a commercial property tax assessment appeal. More details about the program and registration here.

.

Providers practicing in New York State who are enrolled in Medicaid should strongly consider revisiting their compliance programs following the recent issuance of new requirements by the New York State Office of the Medical Inspector General (OMIG).

On December 28, 2022, the OMIG issued new regulations (18 NYCRR 521-1.1, et seq.) requiring Medicaid-enrolled providers practicing in New York State to maintain their compliance programs in accordance with newly detailed standards and codifying the obligation of providers to self-disclose Medicaid overpayments.

On January 31, 2023, OMIG released three guidance documents to assist providers in ensuring they meet the new obligations. In reviewing the guidance, OMIG states that an effective compliance program:

  • is well-integrated into the company’s operations and supported by the highest levels of the organization, including the chief executive, senior management, and the governing body;
  • promotes adherence to the provider’s legal and ethical obligations; and
  • is reasonably designed and implemented to prevent, detect, and correct non-compliance with Medicaid program requirements, including fraud, waste, and abuse most likely to occur for the provider’s risk areas and organizational experience.

The guidance further provides examples and details of what OMIG considers the necessary items to properly satisfy the seven essential elements of a compliance program, which are:

  1. Written Policies, Procedures, and a Code of Conduct
  2. Establishment of a Compliance Officer and Compliance Committee
  3. Effective Compliance Training and Education
  4. Proper Lines of Communication for Reporting
  5. Defined Disciplinary Standards
  6. Routine Auditing and Monitoring
  7. Established Processes for Responding to Compliance Issues

Of further importance, OMIG has defined the steps it will follow in conducting routine reviews of provider compliance programs. These steps include:

  • Written notification of the review to the required provider;
  • Requiring the provider to download a module from OMIG’s website, complete the module, and submit supporting documentation to OMIG within 30 days for OMIG’s review; and
  • OMIG’s written compliance program assessment, recommendations for improvement, and a numerical scorecard indicating whether the required provider satisfactorily met the compliance requirements for each month of the review period (not to exceed 12 months).

Providers should expect OMIG to increase its reviews and thus should take advantage of the 30-day period to reassess their compliance programs and make the necessary changes.

The self-disclosure obligations included in the revised regulations largely codify what was already required of providers under the Affordable Care Act (ACA), which is that self-disclosure and repayment of Medicaid overpayments is mandatory. Providers should recognize this as a sign that the OMIG intends to more closely scrutinize inaction by providers in the face of identified overpayments. Accordingly, providers have an obligation to report, return, and explain any overpayment they receive from the New York State Medicaid program. These repayments must be returned the later of (i) 60 days after the overpayment is identified or (ii) the date any corresponding cost report is due with the overpayment being deemed identified when a person has identified, or “should have” identified, the overpayment “through the exercise of reasonable diligence.” The new regulations specify that a self-disclosure statement must contain a “detailed explanation” of the circumstances giving rise to the overpayment, how the overpayment was discovered, the provider’s corrective action taken, and other elements. By pursuing a self-disclosure, a provider may request a waiver of interest and a repayment plan for return of the overpayment. See 18 NYCRR 531-3.1, et seq.

While the regulations discussed herein became effective immediately upon issuance, OMIG announced in its guidance that it has given providers until March 28, 2023, to adopt and implement the necessary changes to their compliance programs to bring them into conformity with the new regulatory requirements.

Providers would be wise to consult counsel and closely analyze their compliance programs to identify any potential gaps and strengthen their programs now, rather than awaiting the day when an issue arises.

Whether or not explicit in the contract, all contracts have a mechanism for resolving disputes, the default being litigation. Left to their own devices, plaintiffs will select the forum most convenient and perceived to be most friendly to themselves that has jurisdiction over the parties and subject matter. The great majority of payer-provider contracts have some constraints over the law which may be applied, and/or provide for the use of an alternate mechanism for resolving disputes. This article takes a look beneath the hood of these contract provisions.

Businesspeople negotiating contracts are understandably focused on how the arrangement will function in the normal course – pricing, deliverables, term, etc. Less attention is paid to provisions that get handed off to the lawyers under an umbrella term like “general provisions.”  Put this under the category of provisions, like entire contract clauses, assignment provisions, indemnification provisions, compliance, record maintenance, governing law, notices, that really don’t matter to most businesspeople. That is, until they do.

Choice of Law

Even absent some alternate dispute resolution language, the party writing the contract will want to control to some extent where actions may be brought, and what laws will apply. A “Choice of Law” provision may look like the following:

“Choice of Law and venue. This Agreement shall be governed in all respects by the applicable laws and regulations of the State of New Jersey and/or federal law, as applicable, without regard to conflict of law principles, and any claim arising out of or relating to this Agreement shall be brought in the State or Federal courts of New Jersey.  The invalidity or unenforceability of any terms or provisions hereof shall in no way affect the validity or enforceability of any other term or provision.”

The county in which actions may be brought may be further defined.

An important consideration for a contract reviewer is the convenience or inconvenience of the named governing law and venue. A payer with locations in multiple states may well prefer a state in a location distant from the provider and its counsel. Depending upon the complexity and duration of the ensuing legislation, this could require distant travel by the provider’s officers and witnesses for appearances and depositions and battling time zones for status calls and other required teleconferences.

A good managed care contract lawyer can help negotiate changes up front, before the provision is triggered by a dispute.

Alternative Dispute Resolution

Anyone who has been involved in a civil lawsuit knows that years can pass between the time a plaintiff files a complaint and the time the dispute is resolved by a court judgment. Meeting all the requirements for pleadings, answers, counterclaims, cross-claims and other motion practice can be enormously expensive. In an effort to cut down on time and expense, many contracts permit or require alternative dispute resolution (ADR) methods, which are any nonjudicial method of resolving civil disputes. For example, parties usually first try to settle their disputes themselves by means of formal or informal negotiations (i.e., “out of court”). Mediation and arbitration are two other common forms of dispute resolution in payer-provider contracts.

Mediation is a process in which an impartial third party, known as a mediator, facilitates negotiations between the parties in an effort to create a mutually agreeable resolution of the dispute. If the parties are not able to resolve their dispute through mediation, they typically have the right to arbitration or civil litigation.

Arbitration is a process in which impartial third parties, known as arbitrators, evaluate the facts in dispute and render a decision that usually is binding on the parties. Appeals of arbitrators’ decisions are generally possible only if the arbitration was conducted improperly. Contracts often require that any disputes that arise between the contracting parties be resolved through arbitration rather than through civil litigation.

A threshold issue for anyone reviewing a provider contract is whether there should be a mediation and/or arbitration provision at all. State and federal rules of evidence, for example, do overlay time-consuming and expensive steps, but those steps also force discipline into the process and ensure thorough development of facts and sworn development of testimony.  Mediation and arbitration shortcut much of this development. Mediation is non-binding, but helps both parties understand the other’s positions and likely posture in any subsequent more-formal dispute resolution forum.

A “Dispute Resolution” provision may look like the following:

“Dispute Resolution. Payer will provide an internal mechanism under which Provider can raise issues, concerns, controversies or claims regarding the obligations of the Parties under this Agreement. If after at least 30 days following the date one party sent written notice of the dispute to the other party, the dispute is not resolved, and if any party wishes to pursue the dispute, it shall be submitted to mediation, and if unsuccessful, to binding arbitration in accordance with the rules of the American Arbitration Association (AAA). The arbitrator may award only compensatory damages for breach of contract, and is not empowered to award punitive, exemplary or extra-contractual damages.”

A few points of note:

  • Mediators and arbitrators are generally jointly agreed upon by the parties and a just outcome is very much reliant on the skill of the decisionmaker. Experience, judiciousness, and an ability to quickly grasp issues must be carefully considered when proposing or selecting among proposed arbitrators, and the authority of the provider to participate in the process must be clearly understood.
  • The parties should agree that any discussions and negotiations held will be treated as settlement negotiations and be inadmissible into evidence in any court proceeding. This should be made plain in the contract.
  • The contract could provide for a single arbitrator, except that claims over a threshold amount would be decided by a larger panel, for example, a panel of three arbitrators.
  • While mediation is non-binding, arbitration usually is.

Providers should strongly consider coordinating their payer contract reviews with counsel to ensure all of the provisions, which often start with the boilerplate of payer templates, protect their interests and work in the context of their own business models.