E-health ventures pose complex compliance risks
Licensure, Stark, and the kickback statute are among the land mines in e-health’s regulatory landscape
While the regulatory landscape of e-health is only beginning to take shape, hospitals and physicians are running a serious risk if they believe this area is immune from existing regulatory constraints, experts warn. "A lot of people believe that because this is e-commerce, the basic rules don't apply, but the important point is that they do," argues Edward Kornreich, a health care attorney with Proskauer Rose in New York City.
According to Kornreich, all of the fundamental principles regarding licensure and tax exemption and, most importantly, compliance with Stark and the anti-kickback statute apply to e-health.
Kornreich says one critical issue for not-for-profit hospitals is how they structure their relationships regarding on-line transactions with sponsors and others. How they structure them could result in inurement or taxable income, he warns.
Health care attorney Guy Collier of Shaw Pittman in Washington, DC, says that, among the current Web-based models, equity sometimes is offered to hospitals and health systems in part based on volume of purchases. Gadi Weinreich, a partner with the same firm, adds that arrangements can also be flat-fee or based on the number of hits, as well as discount arrangements.
Kornreich says the second critical issue providers must consider is licensure. That means hospitals must make sure they are appropriately licensed in every jurisdiction in which they provide services. For example, if patients are receiving care through telemedicine, providers must be certain the person providing those services is licensed in the state in which the patient is located.
"You need to look at licensure and whether or not you are practicing medicine across state lines," concurs Collier. But he adds that other provider licensure laws that govern nonphysicians who happen to be licensed by state law also must be considered. "The same range of issues arises there," he says.
The third key component for hospitals is to make sure they are compliant with anti-kickback and Stark self-referral laws, Kornreich says. "That is probably the area where they will most easily find themselves out of compliance," he contends. Kornreich says hospitals may be tempted to offer physicians benefits in order to facilitate the implementation of e-health by their medical staff. Benefits as simple as providing telephone lines can raise anti-kickback issues.
Collier agrees that the most obvious land mines are the federal anti-kickback laws and state all-payer statutes that capture nonfederal program-related business. But he adds that while state laws mimic the federal anti-kickback statute in many respects, the state laws prohibiting self-referral are sometimes even more restrictive.
Collier also cautions that while there is no shortage of existing laws that govern Web-based relationships between hospitals, Web site vendors, physicians, suppliers, and patients, the
e-health landscape is changing rapidly.
For example, he notes that a tremendous number of content-based providers that previously attracted private sector money but were not producing revenues have begun to produce revenue. That has led to an increase in business-to-business applications where vendors deal with hospitals or physicians, as well as business-to-consumer applications where vendors deal with patients or health care organizations.
Many of these arrangements raise concerns about patient privacy, according to Collier. He notes that the California Health Foundation studied the 21 most heavily trafficked health care consumer Web sites and found that while 19% had privacy statements, those statements were largely inadequate and not adhered to.
Another 18% utilized cookies to track consumer activity on the Internet. Moreover, most of the 21 sites surveyed shared information with third parties.
Regardless of whether the privacy regulations required by the Health Insurance Portability and Accountability Act of 1996 are released this year, he says providers must be aware of state laws and aggressive enforcement of those laws.