Uber announced yesterday its latest initiative, Uber Health, which will bring Uber to the forefront of the non-emergency medical transportation (NEMT) industry. Uber initially entered into the NEMT industry in 2016 when it partnered with Circulation, a Boston-based technology startup, to offer NEMT services to certain health care facilities across the country. In January 2018, Circulation touted that it had expanded its reach and partnerships, growing to more than 1,000 health care facility clients and adding Lyft as a preferred partner. With an obvious need for provider-coordinated NEMT ridesharing services, both Uber and Lyft wished to fill that void.

But now, rather than offering NEMT ridesharing services to only select health care facility clients through an outside firm, Uber has launched its own platform to allow all health care providers to schedule – and pay for – rides for their patients.

While the ability for providers to schedule rides for their patients may improve access to care and reduce no-show rates by offering transportation to the estimated 25 percent of patients who miss an appointment due to transportation problems, ridesharing NEMT poses significant legal and compliance risks as well.

Health care providers who wish to schedule and pay for NEMT services for their patients should beware of potential regulatory hurdles, particularly fraud and abuse concerns if providers offer these services at little or no cost to federal program beneficiaries. Potential violations of the Civil Monetary Penalties Law (CMP) and the Anti-Kickback Statute (AKS) could be alleged for the provision of these services. Health care providers should endeavor to meet codified safe harbors to the Anti-Kickback Statute (AKS) and exceptions to the beneficiary inducement provisions of the Civil Monetary Penalties law (CMP), which address free and discounted transportation.

Additionally, ridesharing NEMT poses Health Insurance Portability and Accountability Act (HIPAA) and cybersecurity risks. Uber Health's platform will be accessible by providers online or integrated into a health facility's existing system. Providers should consider potential cybersecurity exposure, including the risk for a breach of patients' protected health information through the Uber Health platform, and whether the provider's electronic medical record system could be accessed or hacked when linked to the Uber Health platform.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.