Jump to Navigation | Jump to Content
American Bar Association - Defending Liberty, Pursuing Justice ABA Logo

ABA Section of Business Law


ABA Section of Business Law
Business Law Today
September/October 2000

Not so fast, it's regulated

Some warnings for the e-health biz

BY LAURA KEIDAN MARTIN

T he financing is in place and the management team is ready to go live with the latest, greatest e-health concept. But will the concept work from a regulatory perspective? In the rush to resolve financing issues, many e-health businesses give short shrift to this question.

While applying traditional health-law principles to e-health ventures can be like trying to fit a square peg into a round hole, companies whose business plans fail to take the regulatory framework into account face tremendous legal exposure.

This article highlights the primary regulatory risks faced by e-health businesses. Because these ventures run the gamut from pure content providers to health-care financing vehicles and actual providers of health-care services, the regulatory pitfalls vary based on the nature of the business.

Many e-health ventures have the laudable goal of improving accessibility to expert doctor advice. However, if not properly structured, such plans may unwittingly facilitate the unlicensed practice of medicine, an offense that many states classify as a felony. Doctors are regulated on a state-by-state basis and must be licensed by the board of the state where the patient is physically located at the time the services are rendered. Thus, a New York fertility specialist who provides advice over the Web to a childless couple in North Dakota could be subject to prosecution for the unlicensed practice of medicine in North Dakota.

The majority of state-licensing statutes have long carved out a consultation exception that allows doctors licensed in other states to "consult" on patient cases, provided that the consulting doctor works in tandem with or provides services at the request of a doctor licensed in the state where the patient is located.

However, state-consultation exceptions do not provide an across-the-board solution to unlicensed practice issues because most are premised on the infrequency of the consultations or final medical decision making by the in-state doctor. These exceptions simply are not intended to address the regular practice of telemedicine by an out-of-state practitioner.

State medical boards and legislatures are just beginning to evaluate how their licensing frameworks should address telemedicine services. The Federation of State Medical Boards (FSMB) endorsed model legislation (the "Model Act") in 1996 that would create a "special-purpose license" to practice medicine across state lines for a doctor holding a full and unrestricted license to practice medicine in any state.

This special-purpose license would not be required of doctors who engage in the practice of medicine across state lines less than "regularly or frequently," meaning less than once a month, less than 10 patients per year or less than 1 percent of the doctor’s practice. Nor would a license be required for medical services rendered in emergency situations or for doctor-to-doctor consultations across state lines, unless such consultations took place according to a formal, contractual agreement.

The FSMB specifically declined to endorse a model that would have created a single, nationwide license to practice telemedicine.

Several states have adopted legislation based on the Model Act, including Alabama, California, Montana, Oregon, Tennessee and Texas. Others considered but rejected legislation based on the Model Act, including Maryland, North Dakota and Wisconsin.

Indeed, there has been significant backlash against initiatives to relax licensure standards for telemedicine practitioners. Illinois and Georgia recently enacted statutes expressly barring the provision of medical advice or treatment using telemedicine technology absent a full, unrestricted license from the state.

Although most Web sites providing medical advice across state lines have escaped government scrutiny to date, the threat of prosecution is more than theoretical. For example, the Kansas attorney general sued a Honolulu gynecologist who provided Web-based consultations and prescribed birth control pills to women on the mainland. The gynecologist later ceased such practice. Authorities in at least 10 states have initiated investigations of doctors for prescribing drugs over the Internet under an unlicensed practice of medicine or substandard medical practice theory.

E-health ventures that provide financial incentives to steer patients to use the venture’s Web site, network or products may implicate various state and federal anti-kickback prohibitions . Kickback prohibitions also may be implicated if the e-health venture provides incentives directly to patients. Discount programs, promotions and marketing arrangements that are commonplace in other industries do not necessarily fly where health care is concerned.

The federal anti-kickback prohibition (42 U.S.C. §1320a-7(b) applies only in connection with items and services for which payment may be made under the Medicare, Medicaid or other government health-care programs. This statute is not a concern for the many e-health ventures that do not or cannot seek Medicare or Medicaid reimbursement.

However, many states have adopted kickback prohibitions that apply, regardless of payor . Some states have adopted prohibitions that apply only to certain designated health-care services; others apply to all health-care services, procedures and items. Some state kickback prohibitions are limited to remuneration paid to induce referrals. Others are patterned after the federal anti-kickback prohibition and prohibit the payment of remuneration as an inducement to recommend any health-care good or service.

Consider the following scenarios:

• A company has developed a portable device to perform a certain diagnostic test and transmit results via the Internet to the patient’s doctor who interprets and provides advice based on the test results. The company plans to encourage doctors to recommend usage of the device by paying them a "finder’s fee" for each of their patients who buys the device from the company.

• A virtual PPO pays doctors a part of the billings generated from patient referrals to other PPO doctors.

• A Web-based doctor-referral service charges doctors a per-referral listing fee.

• An online pharmacy gives free vitamins to customers who order their prescriptions online.

All of these common-sense marketing strategies generate potential kickback risk.

E-health businesses also need to structure their business models around state and federal self-referral prohibitions. At the federal level, the Stark Act (42 U.S.C. §1395nn) bars a doctor from referring a Medicare or Medicaid beneficiary for certain designated health services (including durable medical equipment) covered by the Medicare or Medicaid programs to an entity in which the doctor holds a financial interest (including his or her own practice), unless one of the many statutory or regulatory exceptions applies. Because Medicare and Medicaid typically do not cover telemedicine services or devices making use of Web-based technology, the Stark Act is not typically a major stumbling block.

But state self-referral prohibitions, which typically apply regardless of payor, can be a major obstacle. As in the case of kickback prohibitions, some state self-referral prohibitions apply only to certain health-care services. A small proportion of state self-referral prohibitions reach health-care devices.

Certain prohibitions only bar referrals to entities in which a doctor has an investment interest. Others bar referrals to any entity with which a doctor has any compensation relationship. In some states, self-referrals are permissible as long as the doctor’s financial interest is disclosed to the patient. Most self-referral prohibitions carve out a number of exceptions, including exceptions for referrals within a physician’s group practice.

A number of common e-health business strategies carry significant risk under state self-referral statutes. For example, while an e-health business may want to provide investment interests to referring doctors, doing so is inadvisable under most state self-referral statutes. Such prohibitions also might bar doctors from purchasing a device and selling it directly to patients. Accordingly, e-health businesses need to take state self-referral bans into account as they flesh out their business plans.

Many states bar corporations and other lay entities from practicing medicine and certain other health-related professions. Such corporate practice of medicine prohibitions typically prohibit such entities from employing doctors or from interfering in any way with a doctor’s exercise of independent clinical judgment.

For this reason, an e-health business that contemplates the employment of doctors or other health-care professionals should carefully consider whether it would be more prudent to engage such professionals on an independent-contractor basis. In addition, doctors should remain fully responsible for exercising independent clinical judgment in fulfilling their responsibilities to the company.

Many states have adopted statutes that prohibit doctors and other health-care professionals from dividing or splitting professional fees with others. Thus, if an e-health business requires doctors to pay over a portion of any charges or collections associated with services provided through any Web-based network or referral service, state fee-splitting prohibitions may be implicated.

E-health marketing and advertising is subject to regulation by the Federal Trade Commission and, where medical devices or pharmaceuticals are concerned, by the FDA. In addition, several states have enacted statutes that specifically regulate the advertising of health-care services and devices.

In many cases, health-care providers are prohibited from making claims of superior quality or results, particularly without objective, verifiable substantiation. Accordingly, a careful review of marketing plans and materials for compliance with applicable legal parameters is a prudent step for any e-health business.

Given the variety of confidentiality requirements and initiatives at both the state and federal levels, e-health businesses should institute safeguards to protect the confidentiality and integrity of patient information transmitted through the Web or other electronic means. The most sweeping requirements derive from the Health Insurance Portability and Accountability Act of 1996 (HIPAA — see related article in this issue of Business Law Today ), which required the promulgation of regulations governing the security and privacy of electronic health-care information maintained or transmitted by health-care providers, health plans and health-care clearinghouses.

Although other types of entities are not subject to the statute, draft regulations would require covered entities to enter into "chain of trust agreements" with their business partners to protect the privacy and integrity of electronic health information.

Final regulations, expected later this year, will impose a wide array of security requirements, including certification requirements, data back-up plans, personnel security, regular virus checks, access-control features, security incident procedures and authentication requirements.

And the privacy regulations will require specific patient authorization before individually identifiable health-care information may be used or disclosed for a variety of purposes. Unauthorized disclosures will carry steep criminal and civil penalties.

Depending on the business model, e-health businesses also may want to review the AMA’s Guidelines for Medical Information Internet Sites, published in March of this year, as well as state statutes governing medical record confidentiality and patient privacy requirements.

As a general matter, most payors currently do not reimburse health-care services provided by telemedical devices, with the exception of teleradiology and telepathology. Providers who submit claims for services provided through the Web or other electronic means as though such services were provided face-to-face are subject to fraud and false claims prosecution.

Payors are slowing becoming more receptive to paying for e-health services. As a result of the 1997 Balanced Budget Act, the Medicare program will now pay for professional teleconsultations provided to Medicare beneficiaries in designated health professional shortage areas.

However, in order to be reimbursable, the consultation must take place through an interactive audio and video telecommunications system that permits real-time communications among the patient, the consulting practitioner and the referring doctor. Phones, faxes and e-mail systems do not meet this requirement.

Most private payors and state Medicaid programs are similarly reticent to cover telemedicine services. But resistance is cracking, as an increasing number of commercial payors and Medicaid programs have announced plans to implement e-health pilot programs or to cover telemedicine consultations in certain defined situations.

The FDA has the authority to regulate medical devices, defined to include:

an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory, which is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or animals.

21 U.S.C.§ 321(h).

Not only does this broad definition encompass electronic medical devices, it also includes software and hardware intended for use in telemedicine applications. Indeed, the FDA has expressly asserted jurisdiction over records-management software used by blood banks and similar software products. As a result, e-health companies that promote telecommunications products as having medical applications become subject to the FDA’s premarket approval/notification, registration and listing, and other extensive regulatory requirements.

To the extent that an e-health business becomes a partner or contracts with a group or institution that is exempt from federal taxation, certain additional regulatory parameters may apply, including the prohibitions on private benefit and regulations governing unrelated business income.

Many e-health concepts involve the creation of virtual doctor networks or health-care financing mechanisms. Others merely offer claims processing, brokerage or other services that facilitate new health-care financing products. State departments of insurance commonly require licenses or permits for preferred provider organizations, third-party administrators and insurance brokers. Thus, even if an e-health business does not directly offer health insurance (which certainly would trigger state regulatory oversight and significant capitalization requirements), its activities may nonetheless be subject to state regulation.

E-health businesses need to be sensitive to their potential liability risks. For example, if doctors who do not have access to a patient’s complete medical record and who have never personally examined a patient interpret and provide advice based solely on a patient’s description of his or her own maladies or on diagnostic tests transmitted over the Web, the services may well be deemed to be inconsistent with the standard of care prevailing in the community where the patient is located.

Depending on the nature of the business, an e-health venture also might face liability for system shut downs or errors that result in delayed or misguided medical advice, breaches of implied warranties associated with software and medical devices and other tort or contractual claims. Accordingly, appropriate insurance, release forms and disclaimers are a must.

E-health businesses face the same panoply of legal issues as other dot.com and technology ventures — and then some. Paying proper attention to the health-care specific issues can spell the difference between a successful venture and one that ends up in a legal quagmire.

Martin is a partner at Katten Muchin Zavis in Chicago.

Back to September/October Business Law Today | Back to Business Law Home Page

Back to Top

Copyright American Bar Association. http://www.abanet.org