United States: Healthcare Legal News: Volume 7, Number 2

Blessings in Disguise: Strategies to Uncover the Hidden Opportunities for Healthcare Bankruptcies

On September 14, Carolyn "CJ" Johnsen (Member, Phoenix) and Peter Domas (Of Counsel, Troy) will co-present this webinar on leveraging opportunities with distressed healthcare entities. Key takeaways include identifying risks and opportunities over the next 3 to 5 years facing healthcare entities, learning the strategies available to distressed healthcare entities seeking to regain sustainability, and understanding and mitigating risks unique to acquiring distressed healthcare entities. The event will begin at 2:00 EDT. Register at here.

Where is your PHI Data Traveling Today?

by Craig A. Phillips, Member
Grand Rapids Office
616.336.1030 
cphillips@dickinsonwright.com


With most vendors offering and pushing cloud computing solutions and offsite data backup, or guaranteeing offsite backup of data they process for you, many HIPAA covered entities and business associates are questioning whether and how they can take advantage of cloud computing while complying with regulations protecting the privacy and security of electronic protected health information. At the same time, the rise of offshore IT services, including distributed storage, by cloud data providers creates issues that most healthcare providers have not yet realized. Even if some of the issues are realized, many covered entities and their business associates do not know where their data is currently being processed, stored, or backed up. In fact, storage or processing of personal health information ("PHI") overseas may or may not be permitted or at least require additional resources, such as additional or more detailed risk assessments.

There currently are no federal regulations or statutes that prevent storing or processing PHI offshore or overseas; however, the Centers for Medicare and Medicaid Services ("CMS"), the U.S. Department of Health and Human Services ("HHS"), and the U.S. Office of Civil Rights ("OCR") within the HHS, have all issued regulations or provided guidance that restrict storing or processing PHI offshore. In addition, there are four states that ban any Medicaid data from being stored or processed overseas (Arizona, Alaska, Ohio and Wisconsin), two more that only allow offshore contracts under extremely limited circumstances, and nine more that have specific requirements that must be met before any offshore processing or storage of Medicaid data is allowed. Even if a healthcare provider is not located in one of the above states, if the provider has treated a patient of those states, state regulators may argue that the healthcare provider must comply with their laws, regulations, and guidance, as applied to the resident of their state. Even more concerning is that even though Delaware does not have any laws or statutes banning offshore processing or data storage, Delaware recently started adding provisions to all of their contracts (similar to Wisconsin) that the State (Delaware) will not permit project work to be done offshore. There may be additional states adding these prohibitions to their contracts in the future.

If extra regulatory burden and potential state law bans were not enough by themselves, any PHI stored offshore likely will be subject to local law of the country in which it is stored. Furthermore, these local laws may allow for actions or even access to the data that directly conflicts with requirements on healthcare providers under HIPAA/HITECH, even if the vendor signed a BAA. Due to the issues in enforcing HIPAA and HITECH, and even a BAA against an overseas vendor, HHS has basically stated that it is the duty of the healthcare provider or vendor for deciding how to vet data services vendors and comply with expected additional requirements when conducting a risk assessment on overseas providers.

At this point, most healthcare providers question if any offshore or offsite data storage or processing is worth any potential cost savings, or if OCR has any further guidance. In the fall of 2016, OCR prepared guidance that explained how federal health information privacy and data security rules apply to cloud services. In summary, this guidance helped data service companies, but at the expense of covered entities by primarily placing the burden on the covered entities, specifically hospitals, insurers, doctors, and other healthcare providers. In looking at data service vendors, OCR decided that data service subcontractors of the covered entities' business associates are actually business associations of the business associates. According to the OCR, covered entities must assess the cloud services providers' or offshore providers' data security efforts, but HIPAA does not require the cloud services providers to allow covered entities audit them. As such, covered entities are required to determine how well a cloud services provider handles system reliability, data security, and data backup and recovery, without the ability to perform an audit. While this is problematic when dealing with domestic cloud service providers, it creates additional issues when dealing with overseas cloud service providers.

While OCR allows use of overseas providers, as of right now the rules of HIPAA and HITECH fail to address any international aspects, leaving no requirements but also no protections for covered entities. If you select a domestic provider, the laws and regulations regarding PHI apply to both parties, but if an overseas provider is selected, HIPAA and HITECH will not apply, unless they contractually agreed to comply with such laws and regulations. If there is a breach and the overseas provider refuses to defend against or pay any fines or fees levied related to the breach, the covered entity may be liable for paying. It is also important to note that while an international provider may agree to sign a BAA, many international providers do not understand the requirements of HIPAA and HITECH, while most domestic providers have a greater understanding.

Even if you know where the company with whom you are contracting is located, do you know where they send the backup data? Do they send data for processing or backup to other agents, subcontractors, vendors, or other data providers overseas? You may not realize your data is regularly taking international trips, and may be better traveled than you are. In addition, if a relationship is terminated with an international provider, how will you ensure that the data is wiped from the system? Healthcare providers generally must require a certificate of destruction when terminating data services, and will you be able to comply with this provision with an offshore provider?

In contract with cloud service providers, including backup providers, e-mail providers, and other processing entities, covered entities and their BAAs must determine where their data is located, and if it is offshore, they must analyze if any of the information is prohibited from being exported by any state or local regulations. If not, next it must be determined if there is an extra compliance burden associated with the data being offshore, and if that extra compliance burden and the associated risk of being offshore are worth any cost savings by using the offshore provider. If an entity knows that some of its data may be banned from being exported overseas, or would raise too much risk or compliance burden, then language banning such exports should be placed in the agreements, including any BAAs.

High Court Unanimously Upholds ERISA Exemption For Church-Affiliated Pension Plans

by Kimberly J. Ruppel , Member
Troy Office
248.433.7291
kruppel@dickinsonwright.com

Advocate Health Care Network et al v. Stapleton et al, 581 U.S. __ (2017)

In one of the recent opinions rendered by the United States Supreme Court, it was found that pension plans maintained by religiously affiliated pension plan committees were exempt from certain provisions of the Employee Retirement Income Security Act of 1974, 29 U.S.C. § 1001, et seq. (as amended) ("ERISA").

Why is this of interest? ERISA obligates employers to follow a set of rules designed to ensure plan solvency and protect plan participants. Some of these rules, particularly rules regarding pension plan design and funding, may seem more burdensome to employers than protective of employees. The outcome of this case was a blow to those seeking to hold church affiliated hospitals accountable to the same ERISA requirements as their secular counterparts.

The original ERISA statute provided an exemption for "church plans", defined as "a plan established and maintained . . . for its employees . . . by a church." 29 U.S.C. §1002(33)(A). Congress amended the statute in 1980 in part to add a section that formed the basis of the dispute before the Court as follows: "A plan established and maintained . . . by a church . . . includes a plan maintained by an organization . . the principal purpose . . . of which is the administration of funding of [such] plan . . . for the employees of a church . . . , if such organization is controlled by or associated with a church." 29 U.S.C. §1002(33)(C)(i). The Court condensed this description as a plan maintained by a "principal purpose organization".

For decades, the IRS, Department of Labor and the Pension Benefit Guaranty Corporation, which are the three federal agencies responsible for administering ERISA, have read the two definitional sections together and allowed pension plans of church affiliated hospitals, such as the parties in these three consolidated disputes, to be exempt from ERISA.

Recently, three separate class actions were filed by current and former hospital employees to challenge their employers' pension plan exempt status. The Courts of Appeals for the Third, Seventh and Ninth Circuits agreed with the employees' argument that a pension plan must be established by a church to be exempt. The High Court granted certiorari in these similar disputes to resolve the question of whether a church affiliated hospital employee benefit plan that was maintained by internal benefit committees but not established by a church satisfied the exemption definition.

In the opinion, Justice Kagan explained that the use of the word "include" in the amended definition indicated that a different type of plan should receive the same exemption benefit as the original definition. Accordingly, since Congress deemed the category of plans "established and maintained by a church" to "include" plans maintained by a principal purpose organization, all such plans are exempt from ERISA's requirements.

It is important to note that hospital plans may still be subject to attack under state law theories of liability with respect to allegations of underfunding or other irregularities. However, church based hospital plans, maintained by an internal benefit committee but not established by a church such as those in these consolidated disputes remain exempt from ERISA's funding reporting and design requirements.

Recent Case Serves as Reminder to Take Care in Structuring Sales of Physician Practices

by Ralph Levy, Of Counsel
Nashville Office
615.620.1733
rlevy@dickinsonwright.com


Over the past few years, hospitals, health systems and practice management companies have increased their efforts to acquire physician practices. Moreover, physician groups are increasingly interested in selling their practices to these interested purchasers. The primary reasons for this trend are varied but in general are prompted by an increased focus on the delivery of medicine in a seamless integrated system by all healthcare providers.
For physicians or other healthcare providers that are considering practice sales, care should be taken in structuring the sale to minimize the federal taxes payable as a result of the sale. In general, there are two choices to structure the practice sale:

  • Stock sale - Under this sale structure, which works only if the practice is incorporated, the physicians sell stock in their professional corporation or professional association to the interested purchaser
  • Asset sale - Under this sale method, the practice itself sells its tangible and intangible assets to the purchaser

In addition to these two choices, the sale can be structured as a hybrid using a combination of these sales methods. A final and much less common option would be for a portion of the sale consideration to be paid by the purchaser to one or more selling physicians and characterized as a sale of personal goodwill.

For both tax and non-tax reasons, from the seller(s)' perspective, the preferential method for a practice sale would be Option 1 (sale of stock). Under present tax law, a stock sale generates capital gains to the selling physicians. For physician practices organized as "C" corporations, the tax savings from a stock sale as opposed to an asset sale are much greater due to federal taxes that will be payable by the incorporated practice and by its shareholders on liquidation of the corporation and the resulting distribution of the net after tax proceeds of the sale.

In addition to taking care in structuring the sale using these available options, physicians should make certain that the sale documents accurately reflect the structure agreed to by the seller(s) and the buyer. This latter issue was addressed in a recent Fifth Circuit Court of Appeals case in which the sellers of a business tried to restructure the sale when they became unhappy with the tax consequences that arose from the sale under the documents that they had executed. In Makric Enterprises, Incorporated v. Comm'r, 119 AFTR 2d ¶2017-580 (5th Cir. 2017), the Court of Appeals for the Fifth Circuit affirmed a finding of the Tax Court that no mutual mistake was made in the sale of a closely held company's stock that would require a reformation of the transaction. At issue was whether a sale of stock owned by a holding company in its wholly owned subsidiary should be recharacterized as a sale by the holding company's shareholders of their stock in the holding company. The shareholders contended that they believed that they were selling stock in the holding company; however, the sale documents indicated otherwise. The Fifth Circuit rejected the taxpayer's argument on appeal that there was a mutual mistake in the sale documents that would require reformation of the sale structure in the manner sought by the taxpayer.

The lesson to be learned from the Makric decision is that even if physicians who are contemplating a sale of their practice group decide after consultation with their advisors that a sale should be structured in a certain way to minimize federal tax consequences, they should carefully review the sale documents to verify that the documents accurately reflect the desired structure of the sale.

Although the tax differences of the various sale options will decrease if tax reform is enacted as has been proposed by President Trump, this tax legislation will reduce but not eliminate the tax differences from the two different sale options.

Moreover, state law (for example, in those states that have the so-called "corporate practice of medicine" doctrine) may drive how practice sales can be legally structured in which case, the legal aspects of the sale may limit the options to structure the sale. As a result, in those states, the asset sale structure may be the only option. If so, the asset sale will generally result in a higher tax bite against the sale proceeds.

This article appeared in the March/April 2017 issue of the Journal of Health Care Compliance and is being reproduced here with permission. Additional information about this publication can be found at https://lrus.wolterskluwer.com/store/products/journal-health-care-compliance-prod-000000000010029001/internet-item-1-000000000010029001

Keeping Pace in Clinical Research: The Common Rule Picks up Speed

by Billee Lightvoet Ward, Esq., Of Counsel
Grand Rapids Office
616.336.1008
bward@dickinsonwright.com


In recent years, the world of human subjects research has expanded not only with regard to the number of clinical research trials being conducted and the array of drugs and devices being tested, but also with respect to the technology employed to conduct the research and the nature of the research itself. As one example, increasing reliance on repositories of human biospecimens or individually identifiable health information has changed the research landscape and the associated risks and benefits. Until recently, applicable federal regulations have failed to keep pace.

The Common Rule

Despite the expansion and modernization of clinical research, the principle federal regulations governing protection of human subjects and ethical conduct in federally supported clinical research (the Federal Policy for the Protection of Human Subjects, generally known as the "Common Rule"), have remained largely unchanged since they went into effect in 1991. However, on September 8, 2015, sixteen federal agencies issued a Notice of Proposed Rulemaking (the "NPRM") with the intent of clarifying the regulations and making them less burdensome on the research community while maintaining protections for clinical trial participants. The NPRM was in follow-up to an Advance Notice of Proposed Rulemaking issued in 2011 which solicited public comment on the notion of updating the Common Rule. On January 19, 2017, after fielding over 2100 comments on the NPRM, the agencies issued a final rule approving long-awaited updates to the Common Rule (referred to herein as the "Final Rule") to be effective, with limited exception, on January 19, 2018.

Key Updates

Below is a summary of some of the key changes contained in the Final Rule.

Definitions. The Final Rule updates certain definitions that existed under the Common Rule and adds others. Although various changes that were proposed under the NPRM were included in the Final Rule, there were several proposed changes the agencies declined to adopt. One notable example was the agencies' refusal to change the definition of "human subject" to include "non-identifiable biospecimens." Such a change would've been a significant departure from the Common Rule and would've had the effect of requiring informed consent for research on non-identifiable biospecimens. As it stands, and will remain under the Final Rule, informed consent is not required for secondary research involving non-identifiable biospecimens.

Consent. The Final Rule updates various provisions relating to informed consent in the clinical research setting including the following:

  1. To ensure that potential research subjects are informed of the information they need to make an educated decision about whether or not to participate in a research trial, the informed consent form must now contain a concise summary of key information relating to the research (including the purpose(s), risks, benefits, alternatives, and other information required to be addressed in more detail throughout the form) at the beginning of the form.
  2. The Final Rule adds the following four elements to the existing informed consent requirements: (i) whether biospecimens collected as part of the research will be used or distributed for future research; (ii) whether specific technology determined to be capable of generating identifiable information or identifiable biospecimens will be used; (iii) a statement that biospecimens may be used for commercial profit and whether the subject will share in such profit; and (iv) whether clinically relevant research results will be disclosed to subjects.
  3. Under the Final Rule, researchers may obtain a broad consent to store, maintain and use identifiable data or biospecimens. There are various requirements and caveats associated with these provisions, but they afford researchers greater flexibility with respect to informed consent for certain future research. As outlined above, consent is not required to conduct secondary research using non-identifiable biospecimens.
  4. Consent forms for certain federally-funded trials must be posted on a public website (to be created) at any time after the study is closed to recruitment, but no later than 60 days after the last study visit of any study subject.

Oversight. The Final Rule makes various changes relating to IRB oversight of human subjects research including the following:

  1. Multi-site research studies ("cooperative studies") must be reviewed by a single IRB unless review by multiple IRBs is required by law. This is a significant change to the Common Rule as it previously existed and, given the practical complexities involved in implementing this change, the effective date for compliance is delayed until January 19, 2020.
  2. The Final Rule relaxes the requirements for IRB oversight in relation to "low-risk" studies in several ways. First, the Final Rule revises and expands the Common Rule's previously existing concept of "exempt" research. Additionally, during the standard of care follow-up and data analysis phases of clinical studies when research subjects are no longer at risk, continued IRB oversight and review is no longer required. Finally, unless otherwise required by the IRB or requested by the researcher, studies under expedited review do not require continued IRB review and oversight.

Compliance

Researchers, institutions and IRBs should ready themselves to comply with the Final Rule as of January 19, 2018. Compliance efforts should include revising policies, procedures and forms, and educating research staff on the new requirements. Clinical studies that have been approved or determined to be exempt prior to January 19, 2018 may continue to operate under the Common Rule as it currently exists, but research institutions may choose to apply the Final Rule to such research through a formal determination with the responsible IRB.

If you would like a printable version of this Healthcare Newsletter, click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Kimberly J. Ruppel
Ralph Levy, Jr.
 
In association with
Related Topics
 
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions