The Spectre of Strict Liability For An Employee’s HIPAA Breach

On May 7, 2015, the Supreme Court of Indiana denied any further review in the matter of Walgreen Company v. Hinchy  This denial of review leaves standing the opinion of the intermediate Court of Appeals that had upheld a $1.44 million verdict against Walgreen Company for a breach of confidentiality by an employed pharmacist. Walgreen Co. v. Hinchy, 21 N.E.3d 99 (Ind. Ct. App. 2014), 29 N.E.3d 748 (Ind. Ct. App.), transfer denied, 2015 Ind. LEXIS 374 (Ind. 2015).

The pharmacist had accessed the prescription records of a woman customer who had been romantically involved with the pharmacist’s boyfriend and eventual husband and divulged information she obtained to him.   The disclosed information related to birth control prescriptions and sexually transmitted diseases and was used by the boyfriend in an attempt to have the woman relent on her paternity claims against him.  All of this came to the knowledge of the woman’s family and friends.

Hinchy is notable not only for the size of the verdict but also as another instance of the expanding number of cases finding a state-law cause of action for a HIPAA breach.  This issue has previously been identified in this blog.

But the decision is more noteworthy in its imposition of vicarious liability on the employer.  The Indiana Court of Appeals rejected out of hand the Walgreen position that the pharmacist had acted on her own and outside the scope of her employment as a pharmacist.  It did not matter to the court that Walgreen had in place policies restricting the use and disclosure of HIPAA PHI and a computer audit trail that identified the pharmacist’s accessing of the records and confirmed the breach.   Walgreen also had a training program for employees to encourage adherence to the policies regarding non-disclosure of patient confidential information.  Before jury selection, the trial judge had granted partial summary judgment in favor of Walgreen on an allegation of negligent training.   While the trial judge had denied the part of that motion challenging negligent supervision of the pharmacist by Walgreen, the Court of Appeals stated that it was not considering the supervision claim at all and that its determination of liability was based solely on respondeat superior.  It approved of the following jury instruction:

An employer is liable for the wrongful acts of its employee which are committed within the scope of employment.

An act is within the scope of employment if it is incidental to the employee’s job duties, that is to say, the employee’s wrongful act originated in activities closely associated with her job.

In deciding whether an employee’s wrongful act was incidental to her job duties or originated in activities closely associated with her job, you may consider:

1. whether the wrongful act was of the same general nature as her authorized job duties;

2. whether the wrongful act is intermingled with authorized job duties; and

3. whether the employment provided the opportunity or the means by which to commit the wrongful act.

Contrary to Hinchy is the outcome and analysis in Bagent v. Blessing Care Corp., 862 N.E.2d 985 (Ill. 2007), in which a hospital-employed phlebotomist received a fax from a facility that performed laboratory tests for the hospital at which she was employed.  The fax had the results of a pregnancy test for the plaintiff indicating that she was pregnant.  A few days later the phlebotomist was at a tavern with friends when she saw the plaintiff’s sister and asked how the sister was doing with the pregnancy assuming she knew of it.  She did not.  The Illinois Supreme Court ruled that this conduct was outside the scope of the phlebotomist’s employment.

The established doctrine of respondeat superior provides that an employer faces liability to persons harmed by employees acting in the course of their employment.  Generally, a master is not subject to liability for the torts of his or her servants acting outside the scope of their employment, unless: (a) the master intended the conduct or the consequences, or (b) the master was negligent or reckless, or (c) the conduct violated a non-delegable duty of the master, or (d) the servant purported to act or to speak on behalf of the principal and there was reliance upon apparent authority, or he or she was aided in accomplishing the tort by the existence of the agency relation. More particularly, intentional torts and crimes rarely fall within the scope of employment because an employer is not responsible for acts that are clearly inappropriate or unforeseeable in carrying out authorized tasks.  In Davis v. Devereux, 209 N.J. 269 (2010), the Supreme Court conducted an extensive review of the principles of respondeat superior with particular reference to the scope of employment issues.  In Davis as it had on several occasions, the Court noted that the determination of whether or not a particular act is within or outside the scope of employment involves a fact-specific inquiry.  That will be quite true in connection with allegations of tortious HIPAA breaches.

The Court in Davis also looked at the exception to employer vicarious liability based on a non-delegable duty.  Although the non-delegable duty doctrine has been used in a healthcare context, see Marek v. Professional Health Services, Inc., 179 N.J. Super. 433, 441-42 (App. Div. 1981), the Court underscored its reluctance to impose liability on the basis of this concept.  It results in liability regardless of whether the employer acted with care in hiring and training an employee and regardless of whether the employee acted within the scope of his or her employment.  Although the Indiana Court of Appeal did not use the terminology of “non-delegable duty,” its holding is consistent with that analysis.  Finding of a non-delegable duty in connection with HIPAA medical privacy issues will open expansive tort liability for employers.  There are a number of instances in which creative plaintiff’s attorneys have attempted to construct liability claims based on an asserted “non-delegable duty” arising out of Federal regulations.  This is something to watch out for in connection with HIPAA breach torts.  As illustrated in a number of recent state cases, including more recently Hinchy, while the source of a duty may be state law which provides the private cause of action, the standard of care is derived from the Federal regulation.  It is indeed something to watch out for.

ePHI Data Breach and the Consumer Fraud Act

The important protection against data breach liability by encrypting ePHI has been pointed out a number of times on this blog. Although not required by HIPAA or HITECH security rules, encryption is a practical solution to a potentially big problem. Indeed, the Office of Civil Rights has commented in the past that “[e]ncryption is an easy method for making lost information unusable, unreadable and undecipherable.” While not required, encryption is an “addressable” implementation that nonetheless becomes effectively required under the “reasonable and appropriate” standard of review applied to the retrospective evaluation of security measures utilized in data breach circumstances. The burden is on the covered entity to show that it was unreasonable and inappropriate to have used encryption.

In any event, the persuasiveness of the argument for encryption as a matter of routine was strengthened on January 9, 2015 when Governor Christie signed Senate Bill 562 into law as P.L. 2014, c. 88.

This is an amendment to the New Jersey Consumer Fraud Act that will be codified at N.J.S.A. 56:8-196 to 56:8-198. The new legislation has an effective date of August 1, 2015.

It uses the definition of individually identifiable health information found in the HIPAA Privacy Rule and incorporates it into a broader category of “personal information.” N.J.S.A. 56:8-196. As of its effective date the statute mandates that a health insurance carrier shall not compile or maintain computerized records with personal information “unless that information is secured by encryption or by any other method of technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.” N.J.S.A. 56:8-197. It explicitly provides that “more than the use of a password protection” is required if the password program only prevents general unauthorized access and does not render the information “unreadable, undecipherable, or otherwise unusable.”   These requirements are directly at computer sytems broadly, including desktop computers, laptops, tablets or other mobile devices, or removable media.

New Jersey is the second state to impose explicit encryption requirements on personal information in a computerized form. Massachusetts had taken the first step with regulations effective in 2010 that had been promulgated pursuant to its anti-identity theft legislation. See generally 201 Mass. Code Regs. 17.04. The New Jersey restrictions currently apply only to health insurance carriers and do not extend to health care providers. This is consistent with the long-standing general proposition that the New Jersey Consumer Fraud Act does not apply to licensed professionals such as physicians or hospitals who are subject to comprehensive regulations by their own regulatory bodies. See, e.g., Macedo v. Dello Russo, 178 N.J. 340, 344-46, 840 A.2d 238, 240-42 (2004); Hampton Hosp. v. Bresan, 288 N.J. Super. 372, 381-83, 672 A.2d 725, 730-31 (App. Div.), certif. denied, 144 N.J. 588, 677 A.2d 760 (1996). But the statute certainly may be viewed as an expression of best practices if not an emerging standard of care.

Pursuant to N.J.S.A. 56:8-198 violations of the computer encryption statute are declared to be “an unlawful practice” subjecting violators to consequences under the Consumer Fraud Act. These include penalties of up to $10,000 for the first violation and up to $20,000 for the second and any subsequent violation. The Attorney General can bring an action for a cease and desist order and the court can order restitution. Lastly, an individual consumer who can demonstrate an ascertainable loss and a causal nexus between the alleged act of consumer fraud and the damages sustained can bring a private action for treble damages and attorney’s fees.

Federal HIPAA Privacy Rule Provides Standard of Care for State Common Law Breach of Medical Confidentiality And Potentially for Class Action Claims of Data Breach

In an opinion filed November 11, 2014, the Supreme Court of Connecticut held that to the extent that state law recognized a cause of action for breach of a health care provider’s duty of confidentiality in responding to a subpoena issued in connection with private litigation involving the patient, such a cause of action was not preempted by the provisions of the HIPAA Privacy Rule.  The HIPAA regulations, however, could inform the standard of care applicable to such a claim.  The Supreme Court reversed the dismissal of the negligence counts alleging breach of confidentiality and remanded the matter for further proceedings.  Byrne v. Avery Center for Obstetrics and Gynecology, P.C., 2014 WL 5507439 (Conn. 2014).

The plaintiff in Byrne had been a patient of the OB-GYN group and had received a copy of its Notice of Privacy Practices which included a representation regarding non-disclosure of protected health information without her authorization.  The patient had been in a relationship with one Andro Mendoza which ended.  She directed the OB-GYN group to not release any of her information to Mr. Mendoza.  The man filed paternity actions and issued a subpoena to the OB-GYN group for medical records.  The OB-GYN group did not alert the patient to receipt of the subpoena or move to quash it or appear in court in response.  Rather, it mailed a copy of the patient’s medical file to the court.  The records were not placed under seal but were made available to Mendoza for review.  The plaintiff alleged that she had been harassed by Mendoza and received extortionate threats from him following his accessing her medical records.

On motions for summary judgment, the trial court had concluded that there was no private right of action under HIPAA and that the Federal regulations preempted any basis for action in the state court.  In its opinion, the Connecticut Supreme Court acknowledged the now well established proposition that HIPAA did not provide for a private right of action and indeed the concession in this regard by plaintiff.  However, it emphasized that the cause of action was not based on HIPAA but would use the HIPAA regulations as evidence of the proper standard of care.  “[T]o the extent it has become the common practice for Connecticut health care providers to follow the procedures required under HIPAA in rendering services to their patients, HIPAA and its implementing regulations may be utilized to inform the standard of care applicable to such claims arising from allegations of negligence in the disclosure of patients’ medical records pursuant to a subpoena.”  The court concluded that common-law negligence actions, with HIPAA informing the standard of care, did not obstruct, preclude, conflict with, or complicate health care providers’ compliance with HIPAA for preemption purposes. On the contrary, it stated:  “[N]egligence claims in state courts support ‘at least one of HIPAA’s goals by establishing another disincentive to wrongfully disclose a patient’s health care record.’” (Quoting Yath v. Fairview Clinics, N.P., 767 N.W.2d 34, 50 (Minn. App. 2009).

In a pre-HIPAA opinion by Judge Philip Carchman, the New Jersey Appellate Division identified a cause of action in tort under state law for improper disclosure of medical records in response to a subpoena where there had not been compliance with the procedural requirements for the subpoena and, as in Byrne, the health care provider had simply mailed the requested records – although directly to the attorney issuing the subpoena.  Cresceno v. Crane, 350 N.J. Super. 531 (App. Div.), certif. denied, 174 N.J. 364 (2002).  There is no published opinion from a New Jersey court that directly addresses this issue in light of HIPAA.  In Smith v. American Home Products, 372 N.J. Super. 105 (Law Div. 2003), Judge Marina Corodemus rejected a contention by plaintiffs that the HIPAA regulations preempted the informal discovery procedures permitted by state law but acknowledged certain additional procedural safeguards to be HIPAA-compliant.

In a posting in July of this year, we had noted the developing groundswell of decisions utilizing HIPAA violations as a basis for a cause of action arising under state law.  The Connecticut decision joins a number of jurisdictions that now include decisions from the highest court in North Carolina (Acosta v. Byrum, 638 S.E.2d 246 (N.C. 2006)) and West Virginia (R.K. v. St. Mary’s Medical Center, 735 S.E.2d 715 (W.Va. 2012), cert. denied, 133 S.Ct. 1738 (2013)); as well as lower court decisions in Missouri, Minnesota, and Tennessee.  These lower court decisions are collected in the R.K. opinion.

Building on the R.K. precedent and the use of HIPAA as a standard of care for breach of medical confidentiality, West Virginia had expanded the existence of that cause of action into a basis for a data breach class action in its opinion in Tabata v. Charleston Area Medical Center, 759 S.E.2d 459 (W.Va. 2014), which was featured in our July blog posting.  The court found that this was sufficient “injury in fact” to sustain the putative class claim.  Two recent Illinois decisions reached the seemingly opposite conclusion in HIPAA data breach claims arising – once again – out of the loss of unencrypted laptop computers.  In Vides v. Advocate Health & Hospitals, Case No. 13-CH-2701 (Ill. Lake County Cir. Ct. May 27, 2014), and in Maglio v. Advocate Health & Hospitals, Gen. No. 13 L 538 (Ill. Kane County Cir. Ct. July 10, 2014) the court granted motions to dismiss a putative class action arising out of a data breach, holding that the recent United States Supreme Court decision in Clapper v. Amnesty Int’l, Inc., 133 S.Ct. 1138 (2013), compelled “rejection of Plaintiffs’ argument that an increased risk of identity theft is sufficient to satisfy the injury-in-fact requirement for standing.”  The potential for future injury was deemed too speculative to sustain the cause of action.  The Illinois decisions are in line with the overall consensus regarding data breach cases that putative class members lack standing where there is only a possible future risk of harm and cannot show an injury-in-fact.  It remains to be seen if the notion of the more focused concept of breach of medical confidentiality as injury will be widely accepted as conferring standing and liability on a class basis for a HIPAA breach.

Termination of the Designation of Trial Counsel for Medical Malpractice Defendants: Presumptive But Not Automatic

The highly respected and distinguished judge Wilfred H. Jayne made the following observation in Amo v. Genovese, 17 N.J. Super. 109, 85 A.2d 529 (App. Div. 1951), certif. denied, 9 N.J. 181, 87 A.2d 576 (1952):  “It is exceedingly desirable, if not imperative, that in the disposition of the modern quantity of litigation, expedition must supplant languor, but never at the expense of justice.”  With the issuance of its 2014 Omnibus Rules Amendment Order at the end of July, the New Jersey Supreme Court found a way to balance the clamor for administrative efficiency and calendar control regarding medical malpractice litigation with the administration of justice in individual cases.

The Court adopted a modification of the recommendation made by its Civil Practice Committee for an amendment to Rule 4:25-4.  Since 1964 the Rules of Court have provided that a party in a civil lawsuit may notify the court that a particular lawyer is designated to try the case.  If there is no attorney designated as trial counsel in accordance with the Rule, then the court and opposing counsel have the right to expect any partner or associate to proceed with the trial when the case is reached on the trial calendar.  By its terms, the Rule applies to counsel for plaintiffs and for defendants.  A subcommittee of the Civil Practice Committee reviewed data concerning significant backlogs in the disposition of medical malpractice cases and find that on average such case took almost four years to reach a trial date and such cases had the highest frequency of trial date adjournments.  The Report asserted that trials were “routinely adjourned” on the basis of the unavailability of designated trial counsel and noted that there were a “limited number of defense counsel permitted to try these cases.”  After due consideration, the Civil Practice Committee proposed an amendment that continued the designation of trial counsel procedure but revising the Rule so that such designation “shall expire” in all medical malpractice cases “pending for more than three years.”  The Committee’s Report adopted the subcommittee’s proposal for “the automatic expiration” of the designation of trial counsel.  It recommended that the amendment not go into effect until January 1, 2015 to allow time to accommodate the impact on already existing cases.  No type of case other than medical malpractice matters would be affected by the proposed amendment to terminate trial counsel designation.

The Supreme Court received comments from various bar organizations, some law firms, and stakeholders such as the Medical Society of New Jersey.  While the Supreme Court accepted the deferred effective date rather than using the September 1, 2014 date for most of the approximately 50 rule amendments in the Omnibus Order, it changed the language of the amendment to R.4:25-4.  As implemented by the Supreme Court, designation of trial counsel “shall presumptively expire” in medical malpractice cases that have been pending for more than three years.  The changed language sets an expectation regarding the ready status of a case but continues to repose in the bench – whether the presiding judge for the county or the actual trial judge – the need for the exercise of judicial discretion.

The defense of physicians in medical malpractice claims frequently present issues that will require the careful exercise of this discretion.  While meritorious claims are advanced against physicians, there are many cases that are either without merit or that present substantial defenses and answers to the asserted wrongdoing and liability.  But the only way for a physician sued for malpractice to avoid permanent harm to a professional career and reputation is to litigate the lawsuit to a successful conclusion.

Physicians must report to both the Federal Government’s National Practitioner Data Bank (NPDB) and the State Medical Practitioner Review Panel any settlements of malpractice suits filed against them as well as the entry of judgments against them resulting from a malpractice lawsuit.  Such collateral consequences of being sued and having a resulting judgment or settlement in tort cases are virtually unique to health care providers.  This reporting alone has a significant adverse impact on a physician’s professional career and reputation. Reports to the NPDB are accessed by health plans and insurance carriers; hospitals; nursing homes; and other healthcare entities.  Based on the information reported health plans may terminate participation agreements; hospitals may undertake a review of the circumstances of the settlement and take negative actions; privileging and credentialing may be negatively impacted; healthcare entities may revoke privileges or use the settlement as a basis not to privilege or employ the physician in the future.  Reports to the State Medical Practitioner Review Panel may result in investigations or disciplinary proceedings that could jeopardize one’s license but in any event will cause a disruption in one’s practice and life.  The compulsory change of defense lawyers from a previously designated trial counsel can result in a switch from a lawyer familiar with the matter to one who comes to the case late with the risk of lesser preparation and insight.  This heightens the potential for an adverse outcome in a case that could be won and increases the pressure to accept a settlement in a matter that should be taken to verdict.  Even the settlement of a case without merit must be reported by physicians. In fact, the only way for a physician to avoid harm to his/her professional career and reputation is to litigate to a successful conclusion.

In many instances physicians can and do choose an individual attorney, not a firm or the defense bar, to represent them in malpractice cases. The choice is frequently personal and is based on trust in that individual’s skill to bring the matter to a successful conclusion. The choice may be based on prior experience with the attorney, the recommendation of a trusted colleague, or the attorney’s successful record with similar cases. The bond between the physician-client and attorney grows throughout discovery and preparation for the trial. The physician-client puts his professional career and reputation in the hands of the designated trial attorney the same way a patient puts his health in the hands of a surgeon.  Thus, two important bonds are at risk here: the physician-patient relationship which is the subject of the litigation, and the attorney-client relationship which is crucial in the eyes of the physician to ensure that he/she has the counsel who has prepared the case and who will handle the trial to its conclusion.  In its case law the New Jersey Supreme Court frowned on “ghost surgery” where another surgeon was substituted for the individual who had been engaged and expected to do the operation.  A similar dynamic is presented by an automatic waiver of designated trial counsel status.

In addition to the trust that the physician has placed in his/her trial attorney, that attorney is best prepared to try the case. The attorney will know facts and medical and legal issues better than another attorney who is brought in simply to move the calendar. In fact, the designated trial attorney may be able to move the case more quickly, once the trial has started, than a newly designated one.

The need to move the calendar and to bring malpractice cases to a timely resolution is a mutually shared objective of all parties to the litigation. The pendency of a lawsuit has negative ramifications for all parties involved.  The toll of protracted litigation is significant in terms of the time required to defend and the emotional strain when a patient has suffered a bad outcome and believes that the physician did not exercise the appropriate standard of care. However, the need for trials to commence in an appropriate amount of time and the physician’s right to proceed at trial with his/her choice of counsel must be balanced against each other and assessed in light of reasons for delay.

The “presumptive” waiver of designated counsel after three years should not become “automatic” without taking into consideration the reasons that counsel is unavailable or whether counsel was available prior to reaching the three-year benchmark.  Judges should have discretion to consider all the reasons for delay, including the late identification of additional defendants and the need for additional discovery extending the time to get trial-ready as well as the continuing impact of prolonged judicial vacancies, on the trial schedule. Judges must have the discretion to weigh the potential harm to a physician of going to trial with a new attorney against the need to move the calendar.

It is the duty of the court to consider and determine issues before it so that the rights of the parties may be fairly protected in an orderly manner. It is as much an abuse of judicial discretion in refusing to exercise such discretion when warranted by the facts before the court, as it is to exercise that discretion improperly by means of a decision that is clearly erroneous on the facts or under the law.  But whether “presumptively” becomes “automatically” and the discretion is exercised in favor of mandatory waiver remains to be tested in the crucible of the trial calendar call.

Data Breach Characterized Instead As Violation of Medical Confidentiality and Privacy Provides Basis for Class Action

In a posting on this blog earlier in April of this year, we commented on the approval of a class action settlement in a matter in the United States District Court for Southern Florida arising out of the loss of laptops with unencrypted protected health information but without any demonstration of actual injury in the form of identity theft.  That outcome seemed contrary to the major trend in data breach cases, including the then fairly recent decision in Polanco v. Omnicell, Inc., 2013 WL 6823265 (D.N.J. Dec. 26, 2013).  The Florida Federal case had been grounded in state law and not HIPAA or HITECH.  But there may be a groundswell developing that may signal a likely increase in class action viability based on security breaches and medical data.

In Tabata v. Charleston Area Medical Center, 2014 WL 2430061 (W.Va. May 28, 2014), the highest court in West Virginia ruled that the plaintiffs had standing and met the requirements for class certification.  More than 3,000 patients of the MedicalCenter had their personal and medical information placed on the internet for an approximate six-month period so that it was exposed to view “if someone were to conduct an advanced internet search.”   In connection with the eventual breach notification to patients required by HIPAA/HITECH, all patients were offered a year’s worth of credit monitoring at the Medical Center’s cost.

Five of the patients filed a complaint alleging causes of action under West Virginia law for breach of a duty of confidentiality, violation of privacy, and negligence.  Plaintiffs filed a motion for class certification.  Discovery conducted to that point had not identified any instance of unauthorized users actually accessing or making any harmful use of the plaintiffs’ data or an instance of identity theft or any economic losses.  The trial court denied class certification finding that the burden of establishing commonality, typicality, and predominance of common issues of law or fact had not been met.  It also found that the plaintiffs lacked standing to bring the claims “because they have failed to show that they have suffered a concrete and particularized injury that is not hypothetical or conjectural.”

On appeal, the West Virginia Supreme Court of Appeals agreed with the lower court that the risk of future identity alone did not constitute an injury in fact for purposes of standing.  However, it noted that the complaint also asserted causes of action for breach of physician-patient confidentiality and invasion of privacy and that it was well established in West Virginia law that a patient had a cause of action against a physician who wrongfully disclosed confidential health information.  In a 2012 decision, the court had held that these common law torts were not preempted by HIPAA.

The court concluded that as patients of the MedicalCenter, plaintiffs had “a legal interest in having their medical information kept confidential,” that “this legal interest is concrete, particularized, and actual,” and that “when a medical professional wrongfully violates this right, it is an invasion of the patient’s legally protected interest.”  All of this was sufficient to give plaintiffs standing to bring a cause of action for breach of confidentiality.  It reached a similar conclusion with regard to the cause of action for invasion of privacy and went on to find the prerequisites for class certification were also present.

A brief dissent was filed by a single justice, stating that “[t]his case is a typical example of a frivolous class-action lawsuit.”  Invoking the proposition of “no harm, no foul,” he would have held that plaintiffs lacked standing and prognosticated that after “massive amounts of attorneys fees” were incurred by defendant conducting discovery of the several thousand unnamed plaintiff, there would still be no injury identified.  The trial court would then decertify the class and dismiss the matter.

Although it is widely accepted that neither HIPAA nor the expansion with HITECH and the 2013 Omnibus Rule provide for a private cause of action, the HIPAA/HITECH provisions can be used to provide a standard of care and concomitant legal duty regarding protection of health information from wrongful disclosure.  This has been quietly developing since at least 2006 when the appellate court in Acosta v. Byrum, 638 S.E.2d 246 (N.C. App. 2006) looked to HIPAA as “evidence of the appropriate standard of care, a necessary element of negligence.”  See generally Renewed Concerned for Tort Actions Based on HIPAA, 1 MDAdvisor 14 (January 2008).  Certainly the expanded liability of Business Associates as a result of HITECH presents an increased scope of exposure for breaches of patient confidentiality and an enlarged list of defendants for a class action claim.  This is a trend to keep an eye on.

DOJ Intervenes In False Claims Act Case and Alleges Violation for Failure to Return Medicaid Overpayment Within 60 Days of “Identification”

The need to investigate and “identify” potential Medicare and Medicaid overpayments promptly and diligently after they have come to the attention of hospitals and health care providers was underscored by recent action of the Department of Justice (DOJ). On June 27, 2014, DOJ intervened in a qui tam whistleblower lawsuit pending in the United States District Court for the Southern District of New York. It joined in claims under the federal False Claims Act against New York City’s Continuum Health Partners and its constituent hospitals based on the defendants’ failure to return Medicaid overpayments within sixty (60) days of identifying them, as required by § 6402(d) of the Affordable Care Act (ACA). United States ex rel. Kane v. Continuum Health Partners, Inc., et al, (Civil Action No. 11-2325 (ER)) (Complaint in Intervention filed June 27, 2014). These allegations are based solely on the fact that repayment did not occur within the 60-day timeframe required by the ACA and were brought despite defendants’ repayment of all amounts in dispute.

 The qui tam lawsuit that had been filed under seal in the Federal Court for the Southern District of New York included claims against the Healthfirst MCO, its affiliate entities, a large number of New York hospitals and also 20 New Jersey hospitals.  On June 26, 2014 the United States Attorney for the Southern District of New York and the New York Attorney General intervened in part of the case involving New York hospitals.  That same day, the qui tam Amended Complaint was unsealed.  It includes allegations that the 20 New Jersey hospitals had also erroneously billed Medicaid and attempted to unlawfully retain the overpayments in an aggregate amount of approximately $125 million.  In the Third Count, the qui tam Plaintiff asserts claims against the New Jersey hospitals under the New Jersey False Claims Act, N.J.S.A. 2A:32C(g), based on the hospitals’ alleged knowing failure to report and return the overpayments.  The State of New Jersey has not yet indicated whether it will intervene or not.

 Section 6402(d) of the ACA requires any “overpayment” to be reported, explained and returned within 60 days after the date on which it is identified or any corresponding cost report was due, as applicable. 42 U.S.C. § 1320a-7k(d). An “overpayment” is defined as “any funds that a person receives or retains under… [Medicare or Medicaid] to which the person, after applicable reconciliation, is not entitled under such title.” 42 U.S.C. § 1320a-7k(d)(4)(B).  Although to date CMS has not issued expected final regulatory guidance, the statutory text indicates that any overpayment retained past this deadline can lead to liability under the False Claims Act (FCA) in the form of treble damages, civil monetary penalties between $5,000 to $11,000 per violation, attorney’s fees and/or exclusion from Medicare participation. 31 U.S.C. § 3729; 42 U.S.C. § 1320a-7.

 In Kane, the overpayments were not the fault of any of the providers involved, but rather the result of coding errors by Healthfirst, the MCO which contracted with the Continuum providers for services to New York Medicaid managed care enrollees. Starting around early 2009, these errors caused Healthfirst to erroneously authorize the hospitals to seek additional payments from secondary payers. As a result, Continuum impermissibly submitted claims to New York Medicaid on behalf of its constituent providers

 The complaint alleges that in September 2010, the State of New York identified a small number of claims submitted by Continuum on behalf of its hospitals as having been wrongly submitted to Medicaid as secondary payer. Less than six months later, according to the DOJ, an internal investigation at Continuum revealed that approximately 900 specific claims totaling over $1 million may have been submitted to, and paid by Medicaid as a secondary payer, in error. While Continuum eventually made final repayment of all amounts in issue, that process was not completed until March 2013 and only after the Government issued a Civil Investigative Demand concerning these payments in June 2012.

 The DOJ is seeking treble damages in an amount to be determined, penalties of $11,000 for each overpayment retained beyond the 60-day deadline created by the ACA, and costs of suit. This is believed to be the first instance where damages under the FCA are sought solely as a result of failing to comply with the ACA’s requirement that overpayments be returned within 60 days.

 When exactly each alleged overpayment was “identified” by the defendants will be a crucial issue in Kane. This ambiguity concerning the “identification” of overpayments under § 6402(d) has been the source of industry concern since the ACA’s enactment. In February 2012, the Centers for Medicare and Medicaid Services (CMS) issued a proposed rule addressing this, at least in part. See 77 Fed. Reg. 32, 9179-9187 (Feb. 16, 2012) (the “Proposed Rule”). In speaking to Medicare, (leaving “[o]ther stakeholders, including, without limitation… Medicaid MCOs … [to] be addressed at a later date”), CMS advocated a knowledge requirement similar to that which exists under the FCA, stating that an overpayment has been identified for purposes of the ACA when “the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate indifference of the overpayment.” Id. at 9180, 9187 (proposed 42 C.F.R. § 401.305(a)(2)).

Concerning “identification,” of overpayments, the Proposed Rule states that a provider “may receive information concerning a potential overpayment that creates an obligation to make a reasonable inquiry to determine whether an overpayment exists.” Id. at 9182. Failure to make such a “reasonable inquiry” with “all deliberate speed after obtaining the information could result in the provider knowingly retaining an overpayment because it acted in reckless disregard or deliberate ignorance of whether or not it received such an overpayment.” Ibid.

Illustrative examples of wrongfully retained overpayments, apropos of Kane, provided in the Proposed Rule include instances where a provider “is informed by a government agency of an audit that discovered a potential overpayment, and… fails to make a reasonable inquiry.” Ibid. In CMS’s view, “[w]hen government agency informs a provider or supplier of a potential overpayment, the provider or supplier has an obligation to accept the finding or make a reasonable inquiry. If the provider’s or supplier’s inquiry verifies the audit results, then it has identified an overpayment and, assuming there is no applicable cost report, has 60 days to report and return the overpayment.” Ibid.

Though the Proposed Rule was never enacted, that is not of any significance in light of the plain language of the statute. Confirming this, CMS warned “all stakeholders that even without a final regulation they are subject to the statutory requirements found in… [Section  6402(d) of the ACA] and could face potential False Claims Act liability, Civil Monetary  Penalties Law liability, and exclusion from Federal health care programs for failure to report and return an overpayment.” Id. at 9180-81.

 By intervening in Kane, the DOJ has signaled its expansive view of what constitutes “identification” of these overpayments and its willingness to seek the draconian remedies permitted by the FCA.

The Potential Blinding Effect of the Physician Payments Sunshine Act

This past Monday June 30, 2014 was the deadline for submission to the Federal government of detailed data on payments from pharmaceutical and medical device manufacturers to physicians and teaching hospitals.  Designed to increase transparency of financial relationships between manufacturers and health care professionals and to thereby allow patients to make more informed decisions regarding their health and treatment choices, this area is rife with controversy.

Section 6002 of the Affordable Care Act – also known as the Physician Payment Sunshine Act – is codified as 42 U.S.C. § 1320a-7h.  Although a piece of the overall Obamacare legislation, the Sunshine Act has its origins and roots in the efforts of two United States Senators, Chuck Grassley (R-IA) and Herbert Kohl (D-WI), dating back to 2007.  The Sunshine Act mandates tracking and reporting of certain transfers of value from biologic, pharmaceutical, and device manufacturers to physicians and teaching hospitals as of August 1, 2013.  The Centers for Medicare and Medicaid Services (CMS) released the Final Regulations in February 2013 for what is now called the Open Payments Program.  See 78 Fed. Reg. 9458-9528.

The Sunshine Act appears in Title VI of the ACA with the categorization of Transparency and Program Integrity. It has a number of important defined terms. “Applicable manufacturers” is broadly defined in the ACA provisions and even more broadly defined in the applicable Open Payments regulations found at 42 CFR § 403.902 implementing the Sunshine Act.  It basically encompasses any manufacturer of a drug, biologic or medical device that is made or sold in the United States.  The “applicable manufacturers” are required to report “payments or transfers of value” to “covered recipients” which are defined as physicians or teaching hospitals. The latter are hospitals that received payment for Medicare direct graduate medical education (GME), inpatient prospective payment system (IPPS), indirect medical education (IME), or psychiatric hospital IME programs in the prior year.  The reporting requirement encompasses not only direct but also “indirect payments or transfer of value.”  However, there is a statutory minimum threshold of $10.00 (with an annual aggregate of $100.00) to trigger the reporting requirement.  This threshold amount will be adjusted based on changes in the annual Consumer Price Index.

The statute requires reporting on both the form of payment and the nature of payment for each payment or transfer of value made by an applicable manufacturer to a covered recipient. The statute provides a list of categories for both the form of payment and nature of payment and gives the Secretary discretion to add additional categories.  The Act has the following form of payment categories:

  • Cash or a cash equivalent.
  • In-kind items or services.
  • Stock, a stock option, or any other ownership interest, dividend, profit, or other return on investment.
  • Any other form of payment or other transfer of value.

The Act includes the following nature of payment categories:

  • Consulting fees.
  • Compensation for services other than consulting.
  • Honoraria.
  • Gift.
  • Entertainment.
  • Food.
  • Travel (including the specified destinations).
  • Education.
  • Research.
  • Charitable contribution.
  • Royalty or license.
  • Current or prospective ownership of investment interest.
  • Direct compensation for serving as faculty or as a speaker for a medical education program.
  • Grant.
  • Any other nature of the payment or other transfer of value.

The Open Payments regulations permit physicians and teaching hospitals to register so as to review, dispute and correct information provided by the applicable manufacturers.  There is no right to preview the information before it is submitted.  The time period for disputing data is a very limited 45 days.  CMS will begin publishing the reported data on a public website later in 2014.  The information to be available on the website is to consist of

  • the name and address of the physician and specialty
  • the amount and date of the payment
  • the form of the payment, such as cash or stocks
  • the nature of the payment, such as consulting fees, gifts, or entertainment expenses the name of the drug, device, biologic, or medical supply involved.

The American Medical Association has recommended that physicians register with CMS and utilize the right to access and review reports regarding payments to them and also prepare to be transparent with patients regarding financial interactions with industry.

The quest for transparency is fundamentally illusory.  At its essential core, there is an intrinsic conflict in any payment made for professional services.  If the payment is based on the number or extent of services provided, there is an incentive to overutilize and inflate the expense.  If the payment is simply based on the fact of a patient encounter, there is an incentive to undertreat so as to limit the cost to the provider.  This is the space where professionalism must come in to engender and hold patient trust.  But the potential corrupting influence of payments from manufacturers to health care providers is an unfortunately recurring issue.  At the same time there are many interactions between physicians and manufacturers of pharmaceutical products, medical devices or other medical supplies that benefit patients and advance medicine and the ability to optimize outcomes and health.  There are strong arguments to support compensating knowledgeable and well-credentialed physicians who serve as consultants.  The consequences of alternatives could be dire.  The Sunshine Act transparency reports present the prospect of information overload as well as the limits of actual access to an internet resource.  Moreover these reports can provide patients and public with information that likely will be subject to interpretation but also too frequently misinterpretation.  Thoughtful commentators such as Professors Kathleen Boozang and Carl Coleman of SetonHallLawSchool have suggested that disclosure will not resolve all of the ethical and practical problems presented by conflicts of interest arising from financial transactions between physicians and pharmaceutical or medical device manufacturers.

Indeed, payment disclosures present the real risk of a socially unworkable framework for healthcare in the long term.  Attention is diverted from the scientific merit of the information presented and focus instead is given to the identity and presumed motives of those presenting the information.  But the Sunshine Act is the law of the land.

A number of states, such as California, Colorado, Connecticut, Maine, Massachusetts, Minnesota, Nevada, Vermont and West Virginia, as well as the District of Columbia have had laws requiring pharmaceutical or medical device manufacturers to report certain types of payments.  Pursuant to 42 U.S.C. § 1320a-7h(d)(3)(A), the Sunshine Act will preempt state laws requiring disclosure or reporting of the type of information described in it but explicitly leaves state regulation of other types of information unaffected.  In December 2009, the New Jersey Attorney General had released a report from the Division of Consumer Affairs that set forth recommendations regarding the impact of potential conflicts of interest on patient care and new polices to be considered by the Board of Medical Examiners, the Board of Pharmacy, and the Department of Health and Senior Services.  No regulations, however, were promulgated in follow-up to that report.  Nonetheless, as of the 2011-12 timeframe the Board of Medical Examiners has included questions in its biennial license renewal process concerning payments from pharmaceutical manufacturers and device manufactures.  The threshold used has $5,000 in the course of a year.  In addition, in 2011 disciplinary action was taken against several physicians for failing to disclose to their institutions where clinical trials were being conducted that they had an ownership interest in the device manufacturer of the product being studied and in connection with the renewal of their licenses.

In connection with the announcement of the reprimands, the Attorney General had declared that “[t]he undisclosed conflicts of interest on the part of these doctors undercut public trust in the medical profession. The Board has acted to maintain the integrity and high ethical standards that the public rightfully expects from their doctors.”

The opening act for the 1969 Woodstock festival was Richie Havens.  The most famous performance in his career was his later rendition of “Here Comes the Sun.”   Having the lyrics in mind, we will see if smiles return to any faces.

Cesarean Section Rates: Standard of Care or Standard of Fear and the Potential Impact of the Affordable Care Act

A recent New York Times article reported the filing of a lawsuit on behalf of a Staten Island woman alleging a forced cesarean section.  This may provide an impetus to look – once again – at the high rate of cesarean section deliveries and perhaps take the initiative to bring about some reforms within the context of reimbursement policy and the Affordable Care Act.

The concerns regarding cesarean section rates involve both the initial or primary delivery of a woman’s baby and the handling of repeat pregnancies.   In particular, controversy persists regarding vaginal birth after cesareans, the so-called VBAC procedure.  For a number of years, the cesarean section rate in New   Jersey has been in excess of 30% and approaching 40%.   The rate for c-sections in repeat pregnancies where the primary delivery was by c-section may even be higher, and the common belief is that once a woman delivers by c-section, she is destined to deliver all subsequent children by the same method.  According to some scales, New Jersey has the second highest cesarean section rate in the United States.  A 2009 publication of the World Health Organization stated that the acceptable level of cesarean section births is “not more than 15%.”  The United States Public Health Service had a similar target figure in 1998.

The New York lawsuit presents a number of challenging issues involving patient autonomy, bioethical standards, and the balancing of the sometimes divergent interests of mother and unborn child.  A published opinion of the New Jersey Appellate Division in Draper v. Jasionowski, 372 N.J. Super. 368, 858 A.2d 1141 (2004), recognized a duty on the part of the obstetrician to not only the pregnant mother but to her unborn child in the context of informed consent and the possibility of a cesarean section as opposed to a vaginal birth.   As a result of the vaginal birth in that case, the child developed an Erb’s palsy and suffered hypoxia and brain damage.  In contrast, the patient in the New York case had previously given birth by cesarean section procedures but wished to have a vaginal delivery for this child.  She refused consent.  The attending physicians explicitly “overrode” her decision and did the cesarean section because of the fetus being “at risk for serious harm without the C-section.”  There was an injury to her bladder in the course of the operation but a healthy child was born.

The decision-making leading to the performance of a cesarean section has many facets.    There are a number of clinical situations that present risk to the well-being of the fetus.  But there are times when c-sections have been done for the convenience of either the laboring mother or the attending physician.  The availability of staffing in some hospitals has also come into play.  Nonetheless, there are a number of studies that have demonstrated that the medical-legal concern of liability exposure influences the judgment of many physicians so as to lower the threshold for doing the operation.  See, e.g., Minkoff, Fear of litigation and cesarean section rates, 36 Semin. Perinatol. 390 (2012); Yang, Mello, Subramanian, & Studdert, Relationship between malpractice litigation pressure and rates of cesarean section and vaginal birth after cesarean section, 47 Med. Care 234 (2009).

The impact of the Affordable Care Act on malpractice claims remains to be seen.  In the view of some, the number of claims will increase as the number of people using healthcare services expand.  On the other hand, there are those who believe that fewer patients will need to bring claims because they will now have a means for covering the expense of their injury claims.  Medical malpractice reform is barely mentioned in the Affordable Care Act. Section 6801 articulates the nonbinding “sense of the Senate,” and recognized that health care reform presented an opportunity to address issues related to medical malpractice and “encouraged” States to develop and test alternatives to the existing civil litigation system to improve patient safety, reduce medical errors, and stimulate efficiency in the resolution of disputes while preserving an individual’s right to seek redress through the courts. Moreover, Section 10607 provides potential federal grant money to support demonstration or pilot programs to develop alternatives to tort litigation.

The many evolving changes being implemented through the Affordable Care Act make it likely that the malpractice aspect of healthcare will also change.  And change brings opportunity.

The issue of cesarean section rates can be one of these opportunities.

One path to consider involves effective use of Clinical Practice Guidelines (CPGs), an approach considered in the past but meriting renewed evaluation.   There are several underlying assumptions necessary for practice guidelines to exert influence in the context of litigation.  They have to be developed for conditions or procedures that frequently lead to events for which negligence claims are filed.  They have to be widely accepted in the medical profession and fully integrated into clinical practice.  They also must be straightforward and readily interpreted in a litigation setting.  Proposals have been advanced to give CPGs a role in medical malpractice litigation in several different ways. One requires that courts take judicial notice of CPGs as the standard of care, with deviations conclusively establishing negligence. An alternative and more sensible approach would have compliance with CPGs constitute an affirmative defense for physicians, but that deviations from CPGs should not be used as inculpatory evidence.  See, e.g., Bovbjerg & Berenson, The Value of Clinical Practice Guidelines as Malpractice “Safe Harbors,” Timely Analysis of Immediate Health Policy Issues: Urban Institute (2012);  Mello, Of Swords and Shields: The Role of Clinical Practice Guidelines in Medical Malpractice Litigation, 149 U. Penn. L.Rev. 645 (2001).  The increasing recognition of Evidence-Based Medicine holds out hope that effective CPGs could be developed with regard to the indication and non-indications for cesarean section procedures.

Another possibility involves reimbursement policy.  This might take several forms.  One might involve financial disincentives for elective cesarean sections, those performed before 39 weeks of gestation without a documented medical indication for the procedure.  Payments for a planned VBAC delivery that nonetheless become a cesarean section might be limited to centers that have a demonstrated adequate staffing and resources for these procedures.

There is a compelling public health need to explore and resolve the issue of cesarean section rates.  Babies born by Cesarean section are more likely to have breathing problems and to develop several chronic diseases, childhood-onset diabetes, allergies with cold-like symptoms and asthma.  The surgery presents risks to the mother, including infection, blood clots, wound healing problems, prolonged recovery, and permanent scarring.  That the New Jersey cesarean section rate of greater than 30% is not a necessary circumstance is manifested by the fact that in a few counties the section rate occurs in one out of four births.  One must wonder why.

References:

State of New Jersey, Department of Health, Safety and Quality in Maternity Care available at http://www.state.nj.us/health/fhs/professional/safequality.shtml

State of New Jersey, Department of Health – Maternal & Child Health Epidemiology: Cesarean Delivery: Comparing New Jersey Hospitals, 2012 available at http://www.state.nj.us/health/fhs/professional/documents/cdh_explanation.pdf

HIPAA/HITECH Data Breaches and Class Action Exposure?

A new adverse consequence for violations of HIPAA requirements for the security of protected health information and data may be emerging.  On February 28, 2014 the United States District Court for the District of Southern Florida entered an Order Granting a Motion for Final Approval of Class Action Settlement in Curry v. AvMed, Inc., Civil Action No. 10-cv-24513.  The District Court’s approval of the $3 million settlement is the conclusion of a litigation that had initially been dismissed for failure to state a cognizable injury by predicating recovery upon the spectre of injury in the form of heightened likelihood of identity theft rather than injury in fact and that the expenditure of time and money to combat future identity theft was not sufficient.  The case had gone to the Eleventh Circuit Court of Appeals which reversed and remanded the matter.  Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012).  The settlement in effect implemented the approach promulgated by the Court of Appeals.

Violations of HIPAA’s requirements for security of protected health information as reinforced by the more recent HITECH and Omnibus Rule provisions have been drawing increasing scrutiny and severe enforcement from the Office of Civil Rights.  The $1.7 million settlement with WellPoint for security violations and the $1.2 million settlement with Affinity Health Plan for returning a leased photocopier without erasing the data on the hard drives are only recent instances of this phenomenon.  In addition to the substantial penalties that accrue at up to $50,000 per violation with each involved patient being a separate violation, there are the costs associated with the data breach notification requirements and the resultant negative publicity.

Civil lawsuits, especially in the form of federal class action claims, have not been a meaningful danger.  The lack of a private right of action for HIPAA violations is firmly entrenched.  The requirements for standing in a federal class action have worked to preclude most consumer litigation alleging data breach.  According to Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013), actual or imminent injury is necessary for Article III standing in a federal lawsuit and not simply the potential for injury.  Clapper was not a data breach claim but its analysis is applicable.  In addition, the Class Action Fairness Act of 2005, 28 U.S.C. § 1332(d) gives the district courts original jurisdiction over putative class actions where minimal, even if not complete, diversity of citizenship exists.  The Act permits removal of a lawsuit from state to federal court where there is a class of more than 100 people and the aggregate claims are more than $5 million, even if only state law claims are being made.  Thus, data breach cases are routinely removed to federal court which has been notably less hospitable to such claims.  However, data breach class actions may still be brought in state court.  Indeed, the Supreme Court recently held on January 14, 2014 that actions brought by state attorneys general are not removable to federal court. See Mississippi ex rel. Hood v. AU Optronics Corp., 134 S. Ct. 736 (2014).  This would include civil damage actions pursuant to HITECH for HIPAA privacy and security regulations by covered entities and business associates.  See generally 42 U.S.C. § 1320d-5(d).

The factual scenario in Resnick v. AvMed is unfortunately too familiar and recurrent.  Laptops with unencrypted protected health information of over a million health plan members were lost.  The court of appeals held that the pleading alleging that plaintiffs had experienced no identity theft before the data and discovered instances of identity theft about a year after the loss of the laptops set forth a sufficient cognizable injury with sufficient facts to allow a plausible inference that AvMed’s failure to secure the data resulted in identity thefts regarding the plaintiffs and that there was a sufficient nexus between the data breach and the identity theft.  The claims in Resnick were not based on HIPAA or HITECH provisions but rather Florida law.  However, a number of cases have used the HIPAA regulations as a “standard of care” for purposes of state law breach of confidentiality claims.

The February 2014 approval of the class action settlement may be the precursor of a lower threshold for data breach claims.  In contrast is the decision in the District of New Jersey in Polanco v. Omnicell, Inc., 2013 WL 6823265 (D.N.J. Dec. 26, 2013), in which a class action was dismissed for lack of injury-in-fact.  This was another lost laptop case, with PHI for thousands of patients that had been provided to a vendor of medication control and dispensing systems.  An employee’s laptop with this unencrypted information was stolen from a parked car.   The defendants included several hospitals and healthcare systems to which patients had provided their personal information while seeking healthcare treatment. (McElroy, Deutsch, Mulvaney & Carpenter, LLP was counsel of record for one of the defendants in the lawsuit).

Relying on Clapper, Judge Hillman found that plaintiffs had failed to allege sufficient injury-in-fact so as to have standing to bring the lawsuit in federal court.  The court found that Clapper was “controlling.”  In his opinion, Judge Hillman rejected the attempt by plaintiff to distinguish Clapper and claim that the current matter was not a data breach case.  Plaintiff asserted that the data breach had revealed that at least one of the hospitals was not HIPAA-compliant and that it continued in a failure to take corrective steps to prevent further dissemination and to compel the institutions to purge their records of her PHI.  The court noted that there was no private action under HIPAA and the enforcement responsibility rested with the Secretary of Health and Human Services.  Citing the Third Circuit decision in Reilly v. Ceridian Corp., 664 F.3d 38 (3rd Cir. 2011), it rejected the contention that time and expense for monitoring the consequence of the alleged data breach satisfied the injury requirement.   The court dismissed the complaint without prejudice based on lack of subject matter jurisdiction.

The Eleventh Circuit opinion in Resnick was issued before the SCOTUS opinion in Clapper.  Although the approval of the class action by the Florida District Court suggests a continuing vitality to the Resnick approach to standing and injury, decisions such as Polanco call into question whether it is still good law.  That remains to be seen.  But what is clear – and has been for some time – is that the costs associated with encrypting data are small in comparison to the costs of litigation, breach notification protocols, and potential penalties arising from failure to comply with HIPAA and HITECH.

Affordable Care and the Continuing Debate on Malpractice Damages Caps

The Affordable Care Act contains only a passing reference to malpractice tort reform in a section providing the “sense of the Senate” as well as establishing funding for pilot programs at the state level.  Lobbying efforts to achieve any significant tort reform measures were unsuccessful.  Those efforts included the pursuit of a federal cap on medical malpractice awards.  Such efforts at both the federal and state levels can be traced to the 1975 innovation in California with its passage of the Medical Injury Compensation Reform Act (“MICRA”) limiting noneconomic damages to $250,000.  California’s MICRA has withstood court challenges to its constitutionality.  A number of other states followed similar paths to that taken in California, enacting various iterations of the MICRA model; no such legislation has been enacted in New Jersey although such bills have been introduced in the legislature.   While some state courts around the country have upheld such legislation against constitutional attacks, there are several states that have found the legislation to violate several different constitutional guarantees.

The intensity of the debate over damages caps waxes and wanes.  Renewed activity is likely to be sparked by a March 24, 2014 ballot initiative in California to raise the cap amount from $250,000 to $1.1 million and an opinion filed March 13, 2014 by the Florida Supreme Court.  In Estate of McCall v. United States, 2014 WL 959180 (Fl. 2014), the court ruled that that state’s statutory cap enacted in 2003 limiting the wrongful death noneconomic damages that could be recovered in a medical malpractice case was an unconstitutional violation of the equal protection clause of the Florida constitution.  Five of the seven justices agreed with that conclusion but fractured over the reasoning to get to it.  The opinion for the court was actually a plurality decision rather than a majority.  There were two justices who dissented as to the entirety of the decision and who would have deferred to the legislature’s policy choice of enacting a cap of $1 million on noneconomic damages in medical malpractice cases involving death as being rationally related to legitimate state interests of decreasing medical malpractice insurance rates and increasing the affordability and availability of health care in Florida.

The issue in the case arose out of the prenatal care given to a patient at a United States Air Force clinic who was suffering from preeclampsia.  There was an extended delay in performing an emergency cesarean section.  Although a healthy baby was born, the mother went into shock and cardiac arrest.   The woman never regained consciousness and died four days later.   A lawsuit was filed under the Federal Tort Claims Act which provides that damages are determined by the law of the state where the tortious act was committed.  Sitting without a jury in accordance with the Federal Tort Claims Act, the trial judge determined that the economic damages for financial losses were in the amount of $980,462.40 and that there were noneconomic damages of $2 million in favor of the surviving family members.   The trial judge then proceeded to reduce the noneconomic damages recovery to $1 million pursuant to the Florida statutory cap for medical malpractice matters.   The trial judge rejected challenges to the constitutionality of the damages cap.  On appeal, the Eleventh Circuit rejected several components of the plaintiff’s constitutional challenges.  Estate of McCall ex rel McCall v. United States, 642 F.3d 944 (11th Cir. 2011).  These included the alleged violations of the Fourteenth Amendment’s Equal Protection Clause.  (The United States Supreme Court had declined to review constitutional challenges to California’s MICRA in Fein v. Permanente Medical Group, 474 U.S. 892 (1985) dismissing the appeal “for want of a substantial federal question.”). With regard to state constitutional challenges, the Court of Appeals concluded that there was inadequate state precedent and it used an available procedure to certify questions directly to the Florida Supreme Court.   It identified four questions to be addressed but the Florida Supreme Court chose to answer only one, which it rephrased in terms of the wrongful death noneconomic damages and equal protection.  Since the court found the constitution was violated, it did not need to address the remaining alternative grounds of challenge.  It emphasized the wrongful death claim as being of statutory nature and unknown at common law.  It did not address the constitutional status of the damages cap in a non-wrongful death context.

The equal protection deficiencies with damages caps have been articulated in various ways.  These include an arbitrary distinction between injured victims of medical negligence and persons injured through other forms of negligence or tortuous conduct and distinguishing the recovery available for a slightly injured person from that available for a severely injured person.  Interference with the right to a jury trial to resolve the extent of any damages award has also been involved.  The assessment of governmental purposes of reducing costs and assuring access to care has been subject to differing levels of scrutiny, affecting the conclusion reached by various courts.

While New Jersey does not have a statute generally applying to recoverable damages in medical malpractice cases, it has long had a statute limiting recoverable damages in malpractice claims against nonprofit hospitals.  N.J.S.A. 2A:53A-8.  As originally enacted this limit was $10,000.  The statute was amended in 1991 to increase the recoverable amount to $250,000.  This limitation only applies to the institution and not to employees or agents who can be identified as culpable actors.   The constitutional validity of N.J.S.A. 2A:53A-8 was challenged but upheld in Edwards v. Our Lady of Lourdes Hosp., 217 N.J. Super. 448 (App. Div. 1987).  The court noted that the limitation on the hospital liability was an exception to the complete immunity afforded to charitable institutions in a preceding statutory provision.  The constitutionality of the statute was again challenged in Johnson v. Mountainside Hosp., 239 N.J. Super. 312 (App. Div.), certif. denied, 122 N.J. 188 (1990).   Plaintiff argued that the statute was “special legislation” and violated the due process and equal protection clauses of the federal constitution and the comparable protections of the New Jersey constitution.  The intermediate appellate court upheld the statute’s constitutionality and further review was denied by the New Jersey Supreme Court.

There currently are bills pending in the New Jersey legislature that would cap recoverable noneconomic damages in a professional negligence action against a “health care provider” at $250,000.  Similar bills have been introduced in prior sessions but not been released from committee.  There is substantial literature looking at the impact of tort reform with damages caps on lowering direct and indirect costs of medical care and the access to health care.

Engaging in an analysis of malpractice tort reform – whether in the form of damages caps or otherwise – is likely to be critical to the full implementation of the Affordable Care Act.