The ACA SCOTUS Decision in Plain English

As we all know from the "media drama" as some might call the countless media coverage, news articles, blogs and other posts, the Supreme Court of the United States ("SCOTUS") upheld the Patient Protection and Affordable Care Act ("ACA") on June 28th, 2012.  Although four questions were before the Court, it focused primarily on one--the challenge to the individual mandate to purchase insurance by 2014 or pay a "penalty". 

In an opinion closing in on almost 200 pages, the Court found, 5-4, that the individual mandate penalty was constitutional.  Although the government's Commerce Clause argument was rejected, Chief Justice Roberts bought one of its alternative arguments: that the individual mandate penalty was the functional equivalent of a "tax."  However, the Court rejected the penalty which would have been imposed on states that refused to expand coverage under their Medicaid programs. Although granting higher funds for Medicaid expansion is permissible, withdrawal of all Medicaid funds to those states that do not would not be. 

For those of you who have not and will not have the time to plow through and digest the lengthy opinion, here are some of the best "plain english" explanations of the Court's decision as well as some interesting commentary:

But for those of you with a spare weekend or a day on the beach, or those of you who may simply miss law school, break out your Kindle and a glass of wine or margarita to read the opinion and the dissents.  You can download the full opinion here, National Federation of Independent Business v. Sebelius, from the SCOTUS website.

HIE Liability and Insurance

Liability continues to be a central concern for HIEs and their stakeholders. In general, liability may arise from the acts or omissions of a party that fails to meet a responsibility or legal duty.  Last year, I discovered an excellent resource that summarizes liability coverage issues for Regional Health Information Organizations (RHIOs) that I would like to pass along to readers. Specifically, the Agency for Healthcare Research and Quality (AHRQ) published a Report in June 2009 that looked at key liability issues identified by RHIOs, as well as insurance options.  

Here are some of the key points the Report makes regarding liability concerns, as well as a few thoughts of my own:

  • Liability for Data Storage and Management.  How data is stored and managed (e.g., by the RHIO versus by its participants) will affect the distribution of liability. In general, the more authority and responsibility that the RHIO possesses in connection with the data, the more liability coverage it will need to take on. I agree.
  • Liability for Accuracy and Completeness.  Both data suppliers and data users are concerned about their respective liability in relation to data being accurate and complete.  RHIOs often will contractually limit their liability for accuracy of data supplied, or received and used.  However, if the RHIO manipulates the data in transit in anyway, it could be held responsible for such intervening acts. I note that data senders and receivers are also typically required to carry insurance and assume contractual responsibility for supplying accurate and complete data to the RHIO.
  • Duty to Review.  In a previous blog post, I discussed providers’ concerns that joining a RHIO/HIE will create a duty to review all information about a patient contained in the RHIO/HIE, and this will potentially expose them to an increased risk of “missing” relevant information. In my post, I noted why I thought that the role of HIEs in connection with the "standard of care" is still evolving. The Report additionally notes that:

there are no widely recognized standards for reasonable physician behavior in seeking or reviewing electronically available data, or for the extent to which that data should inform his/her clinical decisions.

  • Liability for Audit Logs.  The Report points out that some RHIOs have recently been compelled via subpoena to provide audit information for malpractice lawsuits involving the RHIOs participants. Although a RHIO may be legally obligated to respond to a subpoena, I note that it is still important that HIPAA’s standards for releasing PHI in response to a subpoena are complied with. 
  • Extending Liability to IT Vendors.  If the IT vendor provides any software, integration services, and operational services for the RHIO, the vendor should assume responsibility for their actions.  The Report noted that one factor that strongly influenced the amount of liability assigned to IT vendors was the negotiating power of the RHIO. The type of coverage in their liability insurance that the IT vendors were asked to carry varied, but typically total liability coverage ranged between $1 million and $3 million.

With regard to insurance coverage, the Report made the following additional points: 

  • Researching, negotiating and obtaining liability coverage takes time. Get started early.
  • There remains a high degree of uncertainty with regard to what constitute adequate coverage.
  • Insurance policy options for RHIOs are growing, but remain limited.
  • There is wide variability in liability insurance practices across RHIOs.
  • Sovereign immunity has its advantages and disadvantages. On this last point, the paper notes that while some are strong proponents of State immunity for RHIOs, citing such benefits as increased stakeholder participation, decreased start-up costs, and long-term sustainability, others are skeptical and noted that if State immunity is available, RHIOs may not be as rigorous in establishing privacy and security controls, and that stakeholders may then be targeted for lawsuits instead.  

In sum, the Report illustrates some of the complex liability questions that are being addressed in the RHIO context, and this is without even getting into other areas such as directors' and officers' liability, as well as security breaches across RHIO participants. Navigating this complex and uncertain landscape continues to be challenging, but those getting started now have some benefit from lessons learned by others over the last year, and well as a slightly more mature insurance market primed to RHIO and HIE risks.