Author Archives: Jeffrey Lynne

About Jeffrey Lynne

Jeffrey C. Lynne is a South Florida native, representing individuals and business entities relating to licensing, accreditation, regulatory compliance, business structure, marketing, real estate, zoning and litigation pertaining to substance abuse treatment facilities and sober living residences. Mr. Lynne has been recognized across the region as a leader in progressive public dialogue about the role that substance abuse treatment has within our communities and the fundamental need and right to provide safe and affordable housing for those who are both in treatment for addiction and alcoholism as well as those who are established in their recovery.

DCF Updates Rules Regulating SUD Treatment Providers

Today (technically on 8/9), DCF released its Final Version of the rewrite of the rules regulating treatment providers, found within Chapter 65D-30 of the Florida Administrative Code.

A copy of the Final Rules is attached and is expected to be considered “final” as of 8/29/2019.

We want to give a shout out to attorney Benjamin Hefflinger, Esq., who also represents providers in this space, for running the attached redline comparison so you can see what has changed (and a lot has changed).

My prior commentary and highlights of the rule changes can be found in prior blog posts.

Since this change impacts how a treatment provider conducts its operations going forward, it is strongly suggested that providers work with their in-house licensing consultants/compliance officers to review the changes to make sure you are adequately informed.

This email and all blog posts are not intended to replace legal advice from a Florida licensed attorney and is being offered for informational purposes only.

Click here for “Chapter 65D-30” Click here for “65D-30 (Compared result)”

EMRs and the Sale of Patient Data, Part 1

Amongst all aspects of regulatory compliance as an addiction treatment provider, the privacy and security of Patient Health Information (“PHI”) as well as protecting Patient Identifying Information (“PII”) appears largely misunderstood. The requirement of privacy and security of patient information stem in part from both HIPAA (the “Health Insurance Portability and Accountability Act” of 1996) and the HITECH Act of 2009 (the “Health Information Technology for Economic and Clinical Health Act”), the latter of which was created to motivate the implementation of electronic health records (“EHR”) and supporting technologies to start to be able to data crunch and see a patient’s “whole health” picture before any given physician. [Note: EHRs are the aggregation of health data from a patient; EMR or Electronic Medical Records, are the electronic equivalent to charting within a health care provider’s office.]

A patient’s PHI is more and more regularly kept as an electronic medical record – a single practice’s digital version of a patient’s chart. An EMR contains the patient’s medical history, diagnoses and treatments by a particular physician, nurse practitioner, specialist, dentist, surgeon or clinic.

In contrast, electronic health records are larger data sets, which are aggregations of data from EMRs, designed and intended to be shared with other providers, so authorized users may instantly access a patient’s EHR from across different healthcare providers and platforms.

Within this space of Health Information Management, the governing laws have essentially two main parts: the Privacy Rule, and the Security Rule.

The Privacy Rule addresses what PHI and PII must be protected from unauthorized disclosure The Security Rule essentially discusses the steps that a provider of holder of PHI and PII must take to secure such data, including in its transmission to another authorized party (often what is referred to as a “Business Associate.”). “Patient Identifying Information” includes “the name, address, social security number, fingerprints, photograph, or similar information by which the identity of a patient can be determined with reasonable accuracy and speed either directly or by reference to other publicly available information.”  Both PHI and PII must be secured and protected.

The Privacy Rule describes the ways in which covered entities can use or disclose PHI, including for research purposes. In general, the Rule allows covered entities to use and disclose PHI for research if authorized to do so by the subject in accordance with the Privacy Rule. In addition, in certain circumstances, the Rule permits covered entities to use and disclose PHI without authorization for certain types of research activities. For example, PHI can be used or disclosed for research if a covered entity obtains documentation that an Institutional Review Board (IRB) or Privacy Board has waived the requirement for authorization or allowed an alteration. The Rule also allows a covered entity to enter into a data use agreement for sharing a limited data set. There are also separate provisions for how PHI can be used or disclosed for activities preparatory to research and for research on decedents’ information.

However, if the data is de-identified, then the data itself is not PHI as a matter of law, and therefore is not protect by HIPAA’s Privacy Rule. PHI excludes health information that is de-identified according to specific standards. Health information that is de-identified can be used and disclosed by a covered entity without authorization or any other permission specified in the Privacy Rule.

De-identified patient data is health information from a medical record that has been stripped of all “direct identifiers”—that is, all information that can be used to identify the patient from whose medical record the health information was derived. According to the Health Insurance Portability and Accountability Act (HIPAA), there are 18 direct identifiers that are typically present in patient medical records. These include: Names; Geographic subdivisions smaller than a state (e.g. street address, city and ZIP code); All dates that are related to an individual (e.g., date of birth, admission); Telephone numbers; Fax numbers; Email addresses; Social Security numbers; Medical record numbers; Health plan beneficiary numbers; Account numbers; Certificate/license numbers; Vehicle identifiers and serial numbers, including license plate numbers;  Device identifiers and serial numbers; Web universal locators (URLs); IP address numbers; Biometric identifiers such as fingerprints and voice prints; Full-face photographic images; and Other unique identifying numbers, characteristics or codes.

According to HIPAA, there are 3 acceptable ways to de-identify patient data. The first is the “safe harbor” option, in which all 18 identifiers are removed. The second is the “statistical” option, in which a retained statistician determines which of the 18 identifiers can be maintained without creating greater than a “very small” risk that the data could be re-identified. The third is the “limited data set” technique, in which the organization removes 16 identifiers and protects what remains with special security precautions.

As a result, both PHI and de-identified health data has been lawfully used for years to help find medical breakthroughs, improve care, estimate the costs of care, and support public health initiatives.

More recently, “big data” companies like Google, Amazon and Apple have been getting into the health care data space. Back in 2016, Google partnered with England’s NHS using Google’s “Deep Mind” subsidiary which was granted access to medical records on 1.6 million patients who had been treated at some time by three major hospitals. The purpose of this data mining was a joint effort between Google and the Royal Free NHS Trust to develop a diagnostic app for detecting acute kidney injury. (see,

However, if one can de-identify the information, meaning, remove those aspects of a chart or file or data set that contains PII, then the rules governing privacy and security effectively go away.

So why does this matter?

This begins the brief discussion of this post – the massive unground economy which has evolved around the brokering of de-identified PII and PHI to third-parties.

“Why would anyone pay for that,” you ask?

The offspring of that evolution in medical data brokering and big number crunching is a not-so-new economy that is using your health care data, and that of your patients, for profit.

One of the most prolific writers and outspoken critics of this underground economy of medical data brokering is Adam Tanner, a fellow at Harvard University’s Institute for Quantitative Social Science and author of “What Stays in Vegas: The World of Personal Data — Lifeblood of Big Business — and the End of Privacy as We Know It” and “Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records.”  According to an interview Tanner gave to Time Magazine in 2017, “prescription records, blood tests, doctors’ notes, hospital visits and insurance records are all sold to commercial companies, which gather years of health information on hundreds of millions of people,” which de-identified data is then sold to various entities including insurance companies, researchers, and you guessed it, Big Pharma.

In a comprehensive article published in Scientific American written by Adam Tanner, he summarizes it best:

“Health researchers are not the only ones, however, who collect and analyze medical data over long periods. A growing number of companies specialize in gathering longitudinal information from hundreds of millions of hospitals’ and doctors’ records, as well as from prescription and insurance claims and laboratory tests. Pooling all these data turns them into a valuable commodity. Other businesses are willing to pay for the insights that they can glean from such collections to guide their investments in the pharmaceutical industry, for example, or more precisely tailor an advertising campaign promoting a new drug.”

How much are they willing to spend? reported back on May 8, 2019, that the EMR market alone is growing at 6% annually, now topping $31 billion dollars annually.  Within the EMR economy is the recognition that Big Pharma has been willing to pay big bucks for EMR vendor data, such as prescriber habits, outcomes-related data, or connecting the e-prescribing function with copay and formulary data.  Pfizer is on record as stating that, as of 2016, it was spending $12 million dollars annually to acquire anonymized health data.

In addiction medicine, this sharing of information is very important amongst researchers to begin to find long-term cures to heal the addicted brain. For insurance carriers, it may become a source to help identify effective “evidence based outcomes” and modalties.  For Big Pharma, they want to follow who is prescribing MAT (and who is not) to get everyone on their latest and greatest magic pills.

So the takeaway question is this – if you are a health care provider/addiction treatment center, do you know what’s going on with your patient health data you are uploading to your EMR?  And equally important, is your EMR legally selling your acquired data, and then cutting you out?  What about the patients? Who are the “brokers” in this space?

On this point (and a topic of future blog posts on this subject), most states including Florida had adopted laws which provide that such patient data is owned by the health care provider, not the patient (and thus, not the EMR either).

So is your EMR provider controlling or even selling your patients’ data, without your knowledge or consent? And if so, to who, and why?

Thanks again for reading, and please “Like” our Facebook page where we share daily news articles of interest.

Prosecutors bring rare criminal charges against Ohio opioid distributor

Federal prosecutors in Cincinnati filed criminal charges Wednesday against an opioid distributor and two of its top former officers, including its Compliance Officer, accusing them of conspiring with doctors and pharmacies to pour millions of addictive pain pills into Ohio, West Virginia and Kentucky.

The indictment of Miami-Luken, its former president and its former compliance officer was the second time in three months that federal prosecutors have used criminal laws against a drug distributor in their efforts to stem the prescription opioid epidemic. That is a more aggressive posture than the Justice Department has used since 2007, when it began using civil and administrative actions to enforce laws against drug distributors.

“There’s a need, in my opinion, to devote sufficient charges right here and now to stop the dying,” U.S. Attorney Benjamin C. Glassman said about why the agency used criminal statutes. “We have to devote the resources to cut off the supply of the drugs, whether it’s synthetics or it’s prescription opioids or both.”

In April, we also reported that the U.S. attorney in New York brought criminal charges against Rochester Drug Cooperative, another opioid distributor, in the first use of that tactic against a middleman in the drug supply chain.

Many will recall that a 2017 “60 Minutes” report uncovered that DEA investigators wanted criminal charges filed against executives of the largest drug distributor in the United States, McKesson Corp., after they built a case against the firm alleging violations in nine parts of the country. But they were rebuffed by federal prosecutors and the Justice Department, which settled with the company and fined it $150 million.

Read more here.

DCF Releases Further Changes to Treatment Regulations in 65D-30

On June 25, 2019, the Florida Department of Children and Families (DCF) released its latest “Notice of Change” relating to further proposed and revised revisions Chapter 65D-30 of the Florida Administrative Code. These rules govern the licensure, management, regulation, as well as service delivery of care relating to Substance Use Disorders.

DCF first issued its “Notice of Proposed Rules” in December 2017 and held live and video-conferenced public hearings across the state to take public input. This rule re-write was based upon a mandate by the Florida Legislature in 2017.

Since that time, there have been two (2) proposed changes or revisions; one published in October 2018, and now the one published just last week.

Understanding the changes are difficult at best as the 2018 and 2019 revisions to the 2017 proposal are not drafted as a redline of the currently enacted rules (pre-2017 version). There is a lot of back-and-forth cross-referencing required to try to piecemeal the entire thing together. It is a very time-consuming and laborious task that may cause even the most astute reader (or lawyer) to simply throw up their hands (or, simply just throw up).

We are currently unaware of when a hearing on the proposed changes may take place.  For clients who are interested in knowing more, please contact us so that we can work with you on this very important matter.

Below are a few comments on items that we gleaned from the current 2019 proposed revisions. This information is intended simply to make the reader aware of the proposed changes and is not intended to be an analysis of the proposed changes or to be a substitute for clinical, compliance and/or legal counsel to determine the impact any of these proposed changes may have upon ownership, management, operations and service delivery.

Please also note that further revisions to the proposed rule changes beyond the June 25, 2019 version may occur as a result of the recent adoption of HB 369 (2019), signed by the Governor on June 28, 2019, and codified as Chapter 2019-159, Laws of Florida, particularly with regard to expanded Level 2 background screenings as well as the new, revised exemption from disqualification application process and categories, and mandatory timeframes that DCF must now follow.

  • Definition of “Best Practices” –Proposed Rule 65D-30.004(1) continues to mandate all administrative and clinical services now must align with “current best practices,” defined to mean: “the combination of specific treatments, related services, organizational and administrative principles, core competencies, or social values designed to most effectively benefit the individuals served.  Best Practices also include evidence-based practice, which is subject to scientific evaluation for effectiveness and efficacy.  Best Practice standards may be established by entities such as the Substance Abuse and Mental Health Services Administration, national trade associations, accrediting organizations recognized by the Department, or comparable authorities in substance use treatment.”
  • Change of Ownership/Transfer of Licensure –  Proposed Rule 65D-30.0034 is dedicated to the topic of “Change in Status of License.” The 2019 revision offers a further change to what was proposed in 2018 to align with the statute and clarifies that a “change of ownership” occurs when greater than 50% of ownership, shares, membership, or controlling interest of a licensee is in any manner transferred or otherwise assigned.  The 2018 version had stated “51%.”  A change in ownership of less than a majority of the ownership interest in a licensed entity is proposed to only require submittal of a local and Level 2 background check.
  • Clinical Supervisor – The proposed definition seeks to track recent amendments to Florida Statutes and states: “Clinical Supervisor” means a person that manages personnel who provide direct clinical services, or a person who maintains lead responsibility for the overall coordination and provision of clinical services. A “Clinical Supervisor” shall meet the qualifications of a “Qualified Professional” as defined in s. 397.311(34), F.S. For the purposes of this Rule Chapter a Clinical Director is considered a Clinical Supervisor.”
  • License Applications and Renewals –Proposed Rule 65D-30.0036 (“License Application and Renewals”) made some new additions, updated further in the recent 2019 version. Some key takeaways are:
    • Applications require proof of compliance for all licensed facilities, including community housing, with local health, fire, and safety inspections. This seems to be an attempt to eliminate the use of private fire inspectors.
    • In addition to the CEO, now CFOs and Clinical Supervisors must also provide information on their competency and ability to fulfill their roles and compliance with the rules, “including education, previous employment history, and list of references.”
  • Self-Administrative of Medication in Community Housing – within Rule 65D-30.004(7) under “Medical Services” is new language requiring specific standards and criteria for supervision of the self-administration of medicine within a Community Residence setting under a PHP license.  The rule mirrors the same requirements as in clinical settings.
  • Violations and Penalties – Proposed Rule 65D-30.0038 entitled “Violations; Imposition of Administrative Fines; Grounds” adopts statutory penalties enacted in 2017; this 2019 proposed revision to the rule emphasizes that it shall be deemed unlawful to: (i) operate a service without a license; and (ii) fail to inform DCF of a change of ownership within the specified timeframe [5 business days]. These omissions will now incur additionally penalties and fines.
  • Medical Directors & Number of Facilities – DCF has endeavored to try to create a methodology for determining the maximum number of individuals a Medical Director may serve (noting that a “medical director” is only still required for addiction receiving facilities; detoxifications; intensive inpatient treatment; residential treatment; and methadone medication-assisted treatment). This methodology, found within revised Rule 65D-30.004 (“Common Licensing Standards”), subsection (6), breaks down the maximum number of patients that can be under a single Medical Director’s supervision in a chart format, based upon license type.  However, a Medical Director is still not required for outpatient services.
  • Critical Incident Reporting –DCF has attempted to incorporate into rule the IRAS critical incident reporting tool, CFOP 215-6, for ease of reference. Mandatory reporting must now occur within 24 hours of the incident occurring, different than the existing language of “one (1) business day” and continues to include: “Events regarding individuals receiving services or providers that have led to or may lead to media reports.”
  • Delivery of Clinical Services – Proposed Rule 65D-30.0046 entitled “Staff Training, Qualifications, and Scope of Practice” appears to continue to require that all clinical services now be provided by either the Qualified Professional or by persons with specific degrees or recognized certifications.  It remains UNCLEAR however, whether non-clinical staff may still continue to provide therapy and counseling, as well as the new “recovery support services”; “crisis intervention” and “counseling with families, couples, and significant others” even when working “directly under the supervision of a qualified professional.”  It seems that only certain persons may now provide such “counseling services” and includes, but is not limited to: (i) persons with a bachelor’s or master’s degree with a major in a relevant field; (ii) certified addiction professionals, certified by the Florida Certification Board; and (ii) certified addiction counselors, also certified by FCB.
  • Day or Night Treatment with Community Housing (PHP) Licenses – Proposed revisions to Rule 65D-30.0081 states: “The housing must be provided and managed by the licensed service provider, including room and board and any ancillary services needed, such as supervision, transportation and meals.”  This is in response to inquiries as to whether third-parties may provide such Community Housing. What remains unclear is how this is to be implemented. At a minimum, it would seem the treatment center must be the primary tenant on any lease, even if ownership is the same.
  • Residential Treatment – Rule 65D-30.007 is proposed for significant overhaul going back to the original 2017 version of the rules and carrying over into the 2018 revisions (the recent 2019 amendments left the 2018 changes in place). DCF seeks to restructure Residential Level 1 into “Adult Level 1” and “Adolescent Level 1” and does the same with Level 2 programs. DCF continues to seek to eliminate Residential Level 5 programs (we were hoping they would reverse course in the 2019 version based upon overwhelming opposition from providers). It remains to be seen how this will be resolved, such as whether these licenses will be “grandfathered in” particularly in instances where DCF was directly involved in assisting with obtaining the Res. 5 approval to meet nuanced (i.e. discriminatory) local zoning requirements that did not otherwise allow inpatient treatment in their cities.

Again, this information is intended simply to make the reader aware of the proposed changes and is not intended to be an analysis of the proposed changes or to be a substitute for clinical, compliance and/or legal counsel to determine the impact any of these proposed changes may have upon ownership, management, operations and service delivery.

The proposed rule changes are not final and still must go through a process for final adoption.

If you have received this post from someone else and are not a subscriber to our newsletter, please make sure to sign up at, where you can also find other articles, editorials, and commentary of interest.

Click here to find out more

What the New DOJ Compliance Program Guidance Means to Health Care

By Michael W. Peregrine, McDermott Will & Emery LLP;  Katherine Lauer, Latham & Watkins LLP; and Tony Maida, McDermott Will & Emery LLP

Original written for, and published by, the American Health Lawyers Association, May 10, 2019

[Editor’s Note: With the adoption of the SUPPORT Act of 2018 and its inclusion of the “Eliminating Kickbacks in Recovery Act” which now expands federal jurisdiction in the SUD treatment regulatory space to private-pay providers as well, it is far past time for licensed service providers to begin to take very seriously the development of an effective compliance program, consistent with US Department of Justice Guidelines, in order to both mitigate risk, as well as to be able to identify new risk quickly and effectively when it arises.]

The health care compliance industry recently received a new addition to the compliance program guidance library that continues the discussion of the government’s viewpoint on measuring compliance program effectiveness.

The guidance document, entitled “The Evaluation of Corporate Compliance Programs,” was issued by the Department of Justice (DOJ) Criminal Division on April 30, 2019, updating a prior version issued by the Criminal Division’s Fraud Section in February 2017. Ten pages longer than the 2017 version—many of the revisions provide additional context to how DOJ expects prosecutors to analyze a company’s compliance program, while also harmonizing the guidance with other Department guidance and standards.

The 2019 version stresses the adequacy—rather than the simple existence—of a corporation’s compliance program. Whether the organization had any compliance program at the time the misconduct occurred, and the quality of the program, affects the resulting (a) form of any resolution or prosecution; (b) monetary penalty, if any; and (c) compliance obligations contained in any corporate criminal resolution. Prosecutors are instructed to consider whether the compliance program has been tested and proven to prevent or detect misconduct, and whether simple changes and improvements could correct the misconduct that gave rise to the legal issue.

The new guidance document discusses in detail the three main thematic questions that prosecutors should use in evaluating corporate compliance programs: (1) whether the program is well-designed; (2) whether the program has been applied earnestly and in good faith (in other words, effectively implemented); and (3) whether the program actually works in practice. DOJ dispensed with the 2017 document’s structure, moving from a series of questions about the characteristics of a compliance program into a discussion of how these three main thematic questions can be used to draw out information to show that the compliance program is adequate and effective.

Part I: Design

DOJ first examines the compliance program’s design as the starting point for an effectiveness review. One hallmark of a well-designed compliance program is whether the program’s risk assessment program is designed to detect the particular types of misconduct most likely to occur in the company’s line of business and whether that risk assessment is updated periodically. This approach acknowledges that compliance programs need to prioritize risks to properly focus time and resources to the risks that pose greater importance to the business than other, possible, but less likely risks. Much of DOJ’s further discussion of risk assessment and program design keys off of this concept:

  • Policies and procedures—DOJ looks at company policies and procedures for content addressing risks and showing a commitment to a culture of compliance and ethics.
  • Training and communications—Here, DOJ examines whether the program is being disseminated to, and understood by, employees in practice in order to decide whether the compliance program is truly effective, including providing appropriate resources for guidance.
  • Confidential reporting structure and investigation process—DOJ’s review will examine whether the program provides an efficient and trusted mechanism by which employees can anonymously and confidentially report allegations of a breach of the code of conduct, a company policy, or suspected/actual misconduct, as well as an efficient and effective investigation response.
  • Third party management—DOJ will ask whether the program applies risk-based due diligence to vet its third-party relationships, with a focus ranging from specificity of contract terms to the third-party’s reputation.

M&A—Finally, DOJ reviews whether the program ensures comprehensive due diligence of any acquisition targets.

The main lesson from this discussion is DOJ’s focus on the effectiveness of the company’s risk assessment and the manner in which the company’s compliance program has been tailored based on that risk assessment. DOJ expects that an effective compliance program evolves over time as new risks emerge and as the company develops new strategies to address them. The new focus on M&A diligence reflects a pattern that DOJ has seen time and again—those situations where a new owner finds itself saddled with ongoing compliance issues, and the attending liability, when its diligence activities have been insufficient to identify historical non-compliance.

Part II: Implementation

DOJ next moves to discussing the features of effective implementation of a compliance program, including commitment by senior and middle management, autonomy and resources, and incentives and disciplinary measures. Helpfully, DOJ continues to acknowledge that there is no “one size fits all” for compliance program structure and consequent implementation, but that these decisions depend on the size, structure, and risk profile of the particular company. The implementation discussion includes:

Commitment by senior and middle management—Consistent with all of DOJ’s statements on individual accountability (e.g., Yates Memo), DOJ unsurprisingly scrutinizes whether the company’s leadership fosters a culture of ethics and compliance with the law and demonstrates a personal, shared commitment to compliance.

Autonomy and resources—A longstanding issue for the government’s examination of program effectiveness is whether the program gives adequate authority and stature to those charged with day-to-day oversight.
Incentives and disciplinary measures—Another longstanding government concern is whether the program establishes incentives for compliance and disincentives for non-compliance, including clear disciplinary procedures, with a focus on consistency.

A key takeaway from the implementation discussion is a focus on “tone at the top” and other indications of support for the compliance program from gatekeepers, executive leadership, and the board. DOJ will look not only at what senior management says, but at how senior management treats compliance professionals. A company that gives lip service to compliance, but denies its compliance professionals the title, authority, and resources necessary to effectively implement the program will not be viewed favorably.

Part III: Actual Operation

Finally, DOJ ends its thematic analysis with metrics for asking whether the compliance program is in fact operating effectively. Importantly, DOJ acknowledges the fact that some misconduct occurred does not necessarily mean that the compliance program is ineffective. However, consistent with long-held views of the Department of Health and Human Services Office of Inspector General, detection, remediation, and resolution of misconduct is described as an important sign that the compliance program is effective.

Continuous improvement, periodic testing, and review—DOJ’s review concerns whether the program has the capacity to improve and evolve with changes in company business and the environment within which it operates, including whether the company makes meaningful efforts to review its compliance program and ensure it does not lose strength.

Investigation of misconduct—DOJ articulates a strong focus on whether the program has a well-functioning and appropriately funded mechanism for the timely and thorough investigations of any allegations or suspicions of misconduct by the company, its employees, or agents that includes meaningful documentation.

Analysis and remediation of any underlying conduct—Another traditional area for government examination is whether the company is able to conduct a root cause analysis of misconduct and timely and appropriately remediate to address the root causes.

DOJ’s main message with this factor is a strong focus on how the company both detects misconduct and responds to situations in which misconduct is detected. Once again, DOJ focuses on the need for a compliance program to adapt to new risks and develop new controls as the business environment changes. And once again there is a strong message from DOJ that a compliance program must be sufficiently resourced so that the company can effectively and rigorously investigate alleged misconduct.


Given all the risks health care companies face in operating in a highly regulated environment, a well-functioning and effective compliance program is a critical component of a company’s risk management strategy. DOJ’s revised guidance shows DOJ has a consistent view of the importance of an effective and highly functioning compliance program. Health system boards, executive teams, and the compliance and other departments would be well served to review and implement the key takeaways and messages from the revised guidance.

Mr. Peregrine and Mr. Maida are partners in the law firm of McDermott Will & Emery, and Ms. Lauer is a partner in the law firm of Latham & Watkins.

BREAKING NEWS – Florida Legislature Passes Latest Sober Homes Task Force SUD Treatment and Recovery Residence Legislation

Today, the Florida Senate passed and adopted Florida House Bill 369 (HB 369) which was drafted based upon recommendation from State Attorney Dave Aronberg’s Sober Home Task Force.

The legislation is now on its way to Governor Ron DeSantis’ desk for signature.

Below is a summary of the bill and how it affects SUD treatment providers, recovery residences, and lead generators/marketers.

NOTE: unless and until the Governor signs the law, these changes do not take effect. If signed, the law will take effect on July 1, 2019.

  1. Level 2 Background Checks – Disqualifications – Exemptions.

    Certain persons in positions of ownership or employment in a treatment program or recovery residence must pass a Level 2 background screening. If specified crimes are found in the applicants past, they are deemed “disqualified” from such ownership and/or employment.

    Treatment and recovery advocacy groups have been rightfully asserting for years that these disqualifications otherwise exclude the type of workforce that historically occupies this space – persons in recovery who themselves have had run-ins with the law while in active addiction.

    HB 369 seeks to correct this issue by allowing the state to grant “limited exemptions” from disqualification as the result of criminal history for persons who work solely in mental health treatment programs or facilities, or in programs or facilities that treat co-occurring substance use and mental health disorders. The purpose of this expansion by created a “limited exception” is as the result of an acknowledgement from the Legislature that the SUD workforce population often comes from persons in recovery from SUD themselves, and often times have a criminal background as the result of prior drug or alcohol misuse.

    However, and beginning July 1, 2019, the types of offenses to be screened under a Level 2 background check have also been EXPANDED to include those offenses listed in Chapter 408, F.S. (s. 408.809(4)). As a result, persons who may have passed a Level 2 background check in the past under Ch. 435, may now find themselves having to submit a new exemption application.

    That said, HB 369 also expands the crimes for which an individuals may receive an exemption from disqualification without the statutorily imposed waiting period, if they are working with adolescents 13 years of age and older and
    adults with substance use disorders, it being recognized that these crimes are most often associated with active drug misuse.  The specific crimes for which the “waiting period” have been waived are:

    • Prostitution.
    • Burglary (3rd degree felony).
    • Grand theft of the third degree (3rd degree felony).
    • Forgery (3rd degree felony).
    • Uttering forged instruments (3rd degree felony).
    • Related attempt, solicitation, or conspiracy crimes.

    That said, the facts and circumstances of each application for exemption are viewed on a case-by-case basis, meaning that if it seems that the underlying crime was perpetrated not associated with drug or alcohol misuse, but rather in the course of a scheme of criminal behavior, the exemption may still be denied by DCF.

    For individuals who seek an exemption from disqualification for employment in substance abuse treatment following a level 2 background screening, the bill requires DCF to render a decision on the application for exemption from disqualification within 60 days after DCF receives the complete application. Historically, DCF has “taken its time” with review, leaving many, many persons otherwise unemployable for an indefinite period of time.

    Additionally, HB 369 allows individuals to work under supervision for up to 90 days while DCF evaluates their applications for an exemption from disqualification, so long as it has been five or more years, or three or more years in the case of a certified peer specialist or peer specialist seeking certification, since the individuals have completed all nonmonetary conditions associated with their most recent disqualifying offense.

  2. Clinical Supervisors.

    Going forward, persons identified on DCF applications as a facility’s “Clinical Supervisor” must also meet the definition of persons who are “Qualified Professionals.”

    A “Qualified Professional” means “a physician or a physician assistant licensed under chapter 458 or chapter 459; a professional licensed under chapter 490 or chapter 491; an advanced practice registered nurse licensed under part I of chapter 464; or a person who is certified through a department-recognized certification process for substance abuse treatment services and who holds, at a minimum, a bachelor’s degree. A person who is certified in substance abuse treatment services by a state-recognized certification process in another state at the time of employment with a licensed substance abuse provider in this state may perform the functions of a qualified professional as defined in this chapter but must meet certification requirements contained in this subsection no later than 1 year after his or her date of employment.”

    “Clinical Supervisors” are deemed those persons “whose functions include managing personnel who provide direct clinical services or maintaining lead responsibility for the overall coordination and provision of clinical services.”

    Previously, clinical supervisors were not required to be qualified professionals. This revised definition would now require clinical supervisors to meet the requirements of a qualified professional under s. 397.311(34), F.S., meaning only a licensed physician, physician assistant, psychologist, mental health professional, or advanced practice registered nurse, or a certified substance abuse treatment services provider with a bachelor’s degree could hold this title and serve in this role.

  3. “Community Housing” under a “Day or Night Treatment with Community Housing” license (aka “PHP”) Must Now Be FARR Certified.

    HB 369 now requires the residential component of a “day or night treatment facility with community housing” (Rule 65D-30.0081) license to be FARR certified. Currently, such community housing is not required to be certified as recovery residences pursuant to an obscure administrative ruling late last year by DCF.  Under the bill, licensure of PHP programs must now concurrently include FARR certification of the residence itself (likely as a FARR Level 4 program). Additionally, the housing components would need a certified recovery residence administrator to actively manage them and they would be subject to the referral restrictions of s. 397.4873, F.S.

  4. Eviction/Discharge from a Recovery Residence.

    It is well-recognized in the recovery community that a resident of a recovery residence who is disruptive and/or relapses must be removed from the dwelling for the safety and security of the other residents. However, often times local law enforcement was hesitant to remove such an individual under confusion about whether Florida’s Residential Landlord Tenant Act applied (Ch. 83, F.S.), and whether the landlord/recovery residence administrator was required to seek a court order of eviction.

    Under HB 369, the bill allows a certified recovery residence that has a discharge policy approved by FARR to transfer or discharge residents from the recovery residence in accordance with that policy under the following circumstances:

    • The discharge or transfer is necessary for the resident’s welfare;
    • The resident’s needs cannot be met at the recovery residence; and
    • The health and safety of other residents or recovery residence employees are at risk or would be at risk if the resident continues to live at the recovery residence.

    This right to discharge or transfer a resident will supersede any landlord and tenant rights and obligations under Chapter 83, F.S., Florida’s Residential Landlord Tenant Act.

  5. Clarification of Marketing Prohibitions and Contracts.

    For entities that contract with a marketing provider that provides referral services to treatment providers and/or recovery residences, HB 369 makes it a contractual requirement for the marketing provider to disclose the nature of the referral and the list of DCF’s licensed service providers and certified recovery residences. Previously, this obligation was placed on the treatment providers and/or recovery residences themselves, which made no sense, since they had no direct control over the lead generator.

    To understand this change, we look back to the origin of the law from 2017, when the Florida Legislature created s. 397.55, F.S., relating to prohibitions on specified marketing activities by third-party marketers.

    That statute provides in part:

    service provider, an operator of a recovery residence, or a third party who provides any form of advertising or marketing services to a service provider or an operator of a recovery residence may not engage in any of the following marketing practices:

    (a) Making a false or misleading statement or providing false or misleading information about the provider’s or operator’s or third party’s products, goods, services, or geographical locations in its marketing, advertising materials, or media or on its website.
    (b) Including on its website false information or electronic links, coding, or activation that provides false information or that surreptitiously directs the reader to another website.
    (c) Conduct prohibited by s. 817.505 (the Patient Brokering Act).
    (d) Entering into a contract with a marketing provider who agrees to generate referrals or leads for the placement of patients with a service provider or in a recovery residence through a call center or a web-based presence, unless the service provider or the operator of the recovery residence discloses the following to the prospective patient so that the patient can make an informed health care decision:
    1. Information about the specific licensed service providers or recovery residences that are represented by the marketing provider and pay a fee to the marketing provider, including the identity of such service providers or recovery residences; and
    2. Clear and concise instructions that allow the prospective patient to easily access lists of licensed service providers and recovery residences on the department website.

    HB 369 now corrects and clarifies s. 397.55(1)(d) by now placing the burden on the MARKETING PROVIDER to be the responsible party to disclose to prospective patients: (1) Information about the specific licensed service providers or recovery residences that are represented by the marketing provider and pay a fee to the marketing provider, including the identity of such service providers or recovery residences; and (2) Clear and concise instructions that allow the prospective patient to easily access lists of licensed service providers and recovery residences on the DCF website.

    The failure of the MARKETING PROVIDER to clearly provide this information to patients is a crime, a misdemeanor of the first degree. A violation of paragraph (1)(c) is a violation of the prohibition on patient brokering and if a felony.

    Still, it is also a crime for a treatment provider and/or recovery residence to enter into a contract where this requirement is not adhered to.

  6. Patient Brokering.

    HB 369 further clarifies and closes an alleged loophole in the existing statute (817.505), whereby persons were claiming that any payment arrangement not specifically excluded by the federal Anti-Kickback Statute (42 USC s. 1320a-7b(b)), was otherwise permitted by the Patient Brokering Act. To put to bed any such confusion, HB 369 makes it abundantly clear that the Patient Brokering Act would not apply to payment arrangements EXPRESSLY PERMITTED by the AKS (and its regulations adopted pursuant thereto).  In other words, if the payment arrangement is not prohibited by the AKS, that does not mean it is permitted under the Patient Brokering Act.

  7. FARR Decision-making and Due Process.

    Up until now, the right of FARR to deny or condition certification did not have a clear process to challenge such an adverse decision, but for going directly to court. The Florida Legislature, acknowledging that FARR has been delegated executive branch responsibility from DCF, has now provided that any decision by FARR to deny, revoke or suspend a certification, or otherwise impose sanctions, in now reviewable first through a formal administrative process by DCF, pursuant to the laws and rules of Chapter 120, F.S., the Florida Administrative Procedures Act, which includes the opportunity for an impartial hearing before an Administrative Law Judge.

  8. Increased Penalties for Misleading DCF in Applications.

    The Florida Legislature has elected to take a very tough stance against applicants for licensure (or renewal) who are not completely transparent with the agency in their applications, specifically with regard to omitting persons in a position of ownership or otherwise. HB 369 amends s. 397.4075, F.S., to now make it a 3rd degree felony (punishable up to 5 years in prison plus fines) to “inaccurately disclose by false statement, misrepresentation, impersonation, or other fraudulent means, or fail to disclose, in any application for licensure or voluntary or paid employment, any fact which is material in making a determination as to the person’s qualifications to be an owner, a director, a volunteer, or other personnel of a service provider.”

    It is also now a felony to operate or attempt to operate as a service provider with personnel who are in noncompliance with the minimum standards required for licensure.

  9. Peer Specialists.

    Currently there is no statutory definition of or requirements for a peer specialist as it relates to mental health and substance abuse. The bill creates a definition for peer specialists consistent with DCF’s guidelines and guidance
    documents, and requires peer specialists to be certified, except in limited circumstances, to provide DCF-funded support services.

    As the nation faces a shortage of mental health professionals, peers or peer specialists have been used to fill the gap and assist persons with substance use disorders and mental illnesses. In Florida, DCF and Medicaid both allow reimbursement for peer support services but only if provided by certified peer specialists.

    HB 369 accomplishes the following in this regard:

    • Defines “peer specialist” as a person who has been in recovery from a substance abuse disorder or mental illness for at least two years and who uses his or her lived experience to deliver services in behavioral health settings to support others in their recovery, or as a person who has two years’ experience as a family member or a caregiver of a person with a substance abuse disorder or mental illness.
    • Allows a peer specialist who is not yet certified to provide support services for up to a year while he or she is working towards certification; such peer specialists must be supervised by a qualified professional or a certified peer specialists with at least three years of full-time experience at a licensed behavioral health organization.
    • Requires DCF to approve training and continuing education programs for peer specialist certification; DCF must designate one or more credentialing entities that have met nationally-recognized standards for developing and administering certification programs to handle the training and certification of peer specialists.

    DCF guidelines recommend that an individual be in recovery for at least two years to be considered for peer training. In Florida, family members or caregivers can also work and be certified as peer specialists. The Florida Certification Board currently oversees the competency examination and certification process for peer specialists, which requires the individual to have been in recovery for at least two years or have lived experience as a family member or caregiver to another in recovery. To be certified, one must be at least 18 years of age, have a high school diploma or equivalent, complete 40 hours of training, undergo background screening, and
    pass a competency exam.

    As of January 2019, there are 482 actively certified peer specialists.

Editor’s Note: This post is meant to be merely a summary of the law and is not intended to be legal advice. Any specific questions should be directed to legal counsel with regard to changing and revising policies that impact ownership, management and operation of your program.

Feds Bring Heat of Culture of Compliance Into Fight Against Opioid Epidemic

The other day we wrote about the importance of treatment programs hiring educated and trained (and preferably “certified”) compliance professionals into the ranks of management, in order to identify and address non-compliant activities and to make corrections.  While not mandatory, government regulators and prosecutors often look to the implementation of an effective compliance program as a mitigating factor when it comes to penalties and punishment for otherwise non-compliant behavior.

However, merely hiring anyone and naming them as “compliance officer” is both dangerous, and in the case of Rochester Drug Co-Operative Inc,. one such “compliance officer” has been criminally charged for sticking his head in the sand while ownership was distributing millions of doses of opioids to alleged pill mills.

Rochester Drug Co-Op acted as a middleman between laboratories and pharmacie and grew to be one of the nation’s largest drug distributors at the height of its opioid push, supplying 1,300 pharmacies in the northeastern U.S., according to the DOJ. The DOJ claims sales soared from 2012 to 2017 as the company took on pharmacy clients that other distributors refused to service.

Law360 is reporting that William Pietruszewski a “logistics specialist” at Rochester, who was only later “handed” the role of Compliance Officer with little direction and no training, has also been charged with conspiracy to distribute narcotics, conspiracy to defraud and failing to tell the Drug Enforcement Agency about suspicious pharmacy orders. He has agreed to plead guilty.

DOJ said Pietruszewski was managing the warehouse and tracking inventory at Rochester Drug Co-Op when he took on a second role as chief compliance officer. The document suggested compliance was established as an afterthought to profit.

“This historic investigation unveiled a criminal element of denial in RDC’s compliance practices and holds them accountable for their egregious noncompliance according to the law,” DEA special agent Ray Donovan said after the charges were unsealed.

Pietruszewski was charged alongside the company’s chief executive, the role historically liable for business failings. Prosecutors stressed Pietruszewski’s compliance position in public statements and weaved his “woefully inadequate due diligence program” throughout the charging documents filed last week.

“One of the lessons here, certainly, is that one of the first things the government is going to look at is the compliance program,” Tom Hill of Pillsbury Winthrop Shaw Pittman LLP said. “They want to see if it’s designed in an effective way and implemented with the appropriate degree of seriousness and rigor, as opposed to being there for window dressing purposes.”

The weight that prosecutors place on corporate compliance programs has only grown in the quarter-century since the DOJ established expectations for them in criminal sentencing guidelines. Pietruszewski’s case is a shining example, attorneys said, that compliance structure and effectiveness can determine the outcome of a government investigation.

“It continues to seep into the fabric of corporate America,” said Margaret Cassidy, chair of the American Bar Association’s compliance committee. “Even in smaller companies, they’re beginning to realize the vulnerability they have, the risk they have if they don’t develop some sort of ethics and compliance program.”

Experts said compliance programs should be designed to deal with situations like the one alleged at Rochester Drug, where CEO Laurence Doud and another executive — who remained unidentified and uncharged as of Tuesday — are said to have bred a culture of noncompliance.

“The question is if you have enough checks and balances so that, when mistakes happen, you are likely to catch them,” Hill said. He suggested, for starters, that companies must take every internal complaint seriously. Rochester Drug Co-Op failed on that front too, prosecutors claimed.

Read more at:

Why Having a Certified Compliance Professional in Addiction Treatment is Critical

The health care law world has been buzzing over the weekend about the release by HHS of its Notice of Enforcement Discretion, regarding a reduction and cap of Civil Monetary Penalties (CMP) for violations of both HIPAA’s Privacy Rule and its corollary Security Rule.

The new system sets annual limits for these fines based on the organization’s “level of culpability” associated with the HIPAA violation. That means organizations that have taken measures to meet HIPAA’s requirements will face a much smaller maximum penalty than those who are found neglectful.

Many are not aware that HIPAA has both a “privacy” component and a “security” component, the former pertains to use of Protected Health Information (PHI) and the latter of which speaks to the how such information is to be securely stored both in paper form and digitally.

The Health Information Technology for Economic and Clinical Health Act, (the HITECH Act) outlines minimum and maximum civil money penalties for HIPAA enforcement based on four tiers, which take into account whether the organization in question was aware of the violation and whether it had taken steps to abide by HIPAA’s rules. The tiers escalate in severity, from an organization that is unaware of the violation to one that demonstrated “willful neglect” in not correcting violations.

Violation of the HIPAA requirements mandates “self-reporting,” meaning that a health care provider (which includes in this instance addiction treatment providers) must report themselves to HHS of any such breach. Depending on the “level of culpability” there is a fine that is imposed. If a provider does not self-report, the fines are much more punitive and steep.

Last year marked a record year for HIPAA enforcements, as HHS collected an all-time high of $28.7 million from HIPAA-covered entities and their business associates. That surpassed the previous record of $23.5 million, which HHS doled out in 2016.

To avoid all of the pitfalls and landmines that permeate health care generally, a well-trained and experienced Compliance Officer who works with ownership and staff (and preferably a Compliance Committee) is a strong and wise investment. Such persons are tasked with primary responsibility to oversee and coordinate relevant and timely information pertaining to laws, rules and regulations governing matters such HIPAA; billing & coding; employee & vendor compensation; insurance audits; working with investigators; and patient financial responsibility.

A Certified Compliance Officer (CHC or “Certified in Healthcare Compliance”) is a recognized professional in this space who is trained to develop, implement and regularly update arecognized compliance program, which in many instances is viewed as a mitigating factor when determining whether a regulatory breach has occurred, as opposed to criminal activity.

The Health Care Compliance Association (HCCA) is the pre-eminent membership organization for all persons certified in health care compliance to share “best practices” and to network as to the latest trends and news in health care compliance. This organization worked extensively with the Compliance Certification Board (CCB) to develop criteria to determine competence in the practice of compliance, in this instance, in the health care sector.

According to the CCB:

“The healthcare world can be a high-risk and challenging environment that demands a proactive compliance approach. Being certified in this dynamic, changing profession can help mitigate compliance-related risks. An individual who actively holds the Certified in Healthcare Compliance (CHC)® is someone with knowledge of relevant regulations and expertise in compliance processes sufficient to assist the healthcare industry organizations in understanding and addressing legal obligations, and promote organizational integrity through the operation of effective compliance programs.”

The time is right for the addiction treatment and recovery residence industries to elevate what it means to have a “Compliance Officer” on staff, to be more than simply someone who ensures DCF licensure is up-to-date. Specific training and qualifications should be sought for such important positions within a program, no differently than in medical health care.

In my 9+ years of working extensively within the addiction treatment space, I have often met persons identified as a client’s “Compliance Officer” but came to realize many did not have the full scope of training to be able to anticipate and navigate the daily landmines and pitfalls that operating a health care business brings. Hiring a staff member who is certified in health care compliance should be viewed as an essential hire in addiction treatment to begin to lift this segment out of the shadows and into respectable health care as well as within the larger “recovery community” of service providers.

Hiring a competent certified compliance officer is but a small investment to make in exchange for the peace of mind that all aspects of a treatment provider’s operations, including any recovery residential services, meet the both the letter and the intent of the law.

For more information, visit the HCCA’s website at

The Feds Get Creative Prosecuting Kickbacks

In various health care law blogs and posts, lawyers across the country have been writing about the “Eliminating Kickbacks in Recovery Act” (EKRA) which was adopted as part of the SUPPORT Act of 2018 (the “Substance Use-Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act”). Most if not all of the writings, opinions, and lectures lawyers have been giving are understandably all based upon conjecture, since the federal government has not (to anyone’s knowledge) brought a prosecution yet pursuant to that law.

As a general premise, and much like Florida’s Patient Brokering Act, EKRA prohibits kickbacks between providers of services or between third parties and service providers. The reason for the importance of this law is: (1) many states, aside from Florida, did not have a state-level “anti-patient brokering” law to address the fraud and corruption epidemic amongst various treatment providers and their marketing arms; (2) existing federal law addressed only federally-funded plans such as Medicare, Medicaid and TriCare.  EKRA was viewed as bridging that gap to capture similar criminal behavior amongst persons who obtain reimbursement from private insurance.

Most of the concern expressed is that the law, as drafted, is not (in their opinion) not as clearly articulated as the federal Anti-Kickback Statute (AKS) which has Safe Harbors and other regulatory interpretations which have guided health care lawyers since adoption.  Their concern is in their inability to counsel clients as to what behaviors are allowed under EKRA and which would violate that law.

While Congress may have had its own intent, it comes down to the Justice Department to enforce the law, and health care lawyers have been sounding the alarm that governmental overreach in prosecuting what is not otherwise a kickback but “looks” like a kickback is certain to happen, if for no other reason, but due to the constant negative publicity that addiction treatment providers regularly receive in the press.

In contrast, what does not occur in the press with much frequency is the daily arrest, indictment, conviction and plea deals struck with MEDICAL health care providers who violate the AKS (or its similar counterparts, the Stark Law and the False Claims Act).

However, a “tip of the cap” is to be given to the Dallas Morning News and reporter Kevin Krause, who revealed the federal government’s novel attempt to address kickbacks in health care – the federal Travel Act.

In his story published on 4/14/19 entitled “Here’s why doctors should worry about the feds’ novel approach to prosecuting health care kickback cases,” he write the following (with our editorialization in BOLD within):


Texas doctors who cut business deals with hospitals thought they were in the clear, as long as they avoided Medicare patients and those covered by other federal health insurance programs.

That way, they couldn’t run the risk of violating the federal anti-kickback law. That’s the way it’s always been.

Not anymore.

Using a 60-year-old law, federal prosecutors have found a way to target health care kickback schemes that involve private insurance. The guilty verdicts against surgeons and others in the Forest Park Medical Center case are sending shock waves throughout the U.S. medical community and could upend many doctor-hospital relationships. The trial also revealed just how important doctors are to the financial survival of hospitals, and how far hospitals will go to attract them.

Some attorneys are crying foul, saying the government has moved the goalposts by using the Travel Act, which was passed to crack down on organized crime. Many attorneys are scrambling to advise their clients accordingly. A lot of money is at stake. Marketing agreements, in particular, are suddenly in the hot seat. But consulting agreements, medical directorships and office leasing arrangements are all in the mix, too.

“I think there is a lot of worry,” said Carolyn McNiven, a San Francisco health care lawyer who, like others, was closely watching the seven-week trial in Dallas. “I think a lot of people are walking into a buzz saw that they don’t know is coming.”

The Travel Act gives federal jurisdiction to a wide range of crimes, including bribery, if state lines are crossed using mail or electronic communications. But until recently, it’s never been used in health care fraud cases.

Federal prosecutors used it in Dallas successfully for the first time, in the Forest Park trial that wrapped up last week.

The jury found that Forest Park paid lucrative benefits to surgeons in the form of free advertising in exchange for them bringing their expensive surgeries to the hospital. Such quid pro quos are considered illegal kickbacks.

Dr. Michael Rimlawi, one of the convicted Forest Park surgeons, appeared stunned by the guilty verdict against him last week. He faces up to 15 years in prison.

“I’m in disbelief,” Rimlawi told supporters gathered around him at the federal courthouse in Dallas. “I thought we had a good system, a fair system.”

McNiven and other health care lawyers say they believe the government will view the Forest Park case as a green light to launch more prosecutions in similar cases involving private insurance provided by such companies as Aetna and United Healthcare.

“The entire health care industry is looking at Dallas,” said Nick Oberheiden, a Dallas health care lawyer. “I think this is a complete shakeup.”

James A. Fisher, who has represented whistleblowers in health care fraud cases, said the new enforcement effort is a major step forward.

“I am glad the government aggressively prosecuted that case, because this is a serious problem. If the doctor’s decision is influenced by anything other than the patient’s best interest, then that is a corrupted process,” he said. “It will bring more integrity into decision-making by physicians.”

Two of the nine Forest Park defendants on trial were found by the jury to have violated the Travel Act: Wilton “Mac” Burt, a founder and top manager of the hospital, and Dr. Shawn Henry, a Fort Worth spine surgeon who referred patients to the hospital. The Forest Park prosecution also involved some federal insurance programs like Tricare, the military’s health program.

Four of the defendants were acquitted of charges related to the Travel Act, which some lawyers say should temper the government’s enthusiasm for the law.

Tom Melsheimer represented Dr. Nick Nicholson, a bariatric surgeon, the only Forest Park defendant to be acquitted last week of all charges against him.

“The verdict can be viewed as a pretty serious rebuff of the Travel Act theory as applied to the doctors,” he said. “No doctor who participated in the marketing program was convicted of a Travel Act count.”

Two other Forest Park founders and physicians, Dr. Richard Toussaint and Dr. Wade Barker, pleaded guilty to violating the Travel Act.

Most Forest Park defense attorneys declined to comment after the verdicts. Some said they plan to appeal. The convictions are not final until affirmed by an appellate court.

Doctors and their surgeries are critical for a hospital’s bottom line, and thus getting patients in the door and on the operating table has become big business — to such an extent that prosecutors say Forest Park had to bribe doctors for surgeries when it opened and for several years afterward.

Two Forest Park doctors, for example, operated there up to 14 times a day, from early morning until night, according to trial testimony. A recent survey found that doctors legally generate an average of $2.4 million per year for their affiliated hospitals.

The survey shows that doctors “continue to drive the financial health and viability of hospitals,” said Travis Singleton, executive vice president of Merritt Hawkins, a Dallas physician search firm that conducted the survey. The results were released as the Forest Park trial got underway.

Certain medical specialties generate the most revenue. Orthopedic and cardiovascular surgeons, for example, bring in an average of over $3 million for their hospitals each year, according to the survey.

Marketing arrangements between doctors and hospitals are commonplace across Texas, according to testimony during the Forest Park trial. Under such contracts, hospitals pay to advertise the practices of doctors who bring their surgeries to the hospital. But Forest Park picked up 100 percent of the tab even though the ads barely, if ever, mentioned the hospital.

That is a benefit, prosecutors argued — a lucrative one that helped the doctors grow their practices significantly.

The Forest Park surgeons argued there were no strings attached to that money. But prosecutors convinced a jury otherwise, showing that the doctors were being paid to steer their patients to Forest Park — and hiding behind legal contracts to do so.

At least three other Dallas hospitals have paid doctors for patients using marketing agreements, according to federal prosecutors.

Two of them, Vista Hospital and Victory Hospital, have since shut down like Forest Park. The third, Pine Creek Medical Center, paid a $7.5 million fine to the government in 2017 for a scheme similar to the one at Forest Park — paying doctors for patient referrals with free advertising on billboards, radio and TV, and the internet, according to the U.S. attorney.

The Pine Creek case came to light in a whistleblower lawsuit filed by two of the hospital’s former marketers. That scheme, however, involved Medicare and Tricare beneficiaries and did not employ the Travel Act and Texas’ commercial bribery law.

Pine Creek’s new chief executive, Dan Gideon, said his hospital has some new owners and is meeting the terms of its five-year corporate integrity agreement with the government. He said no additional concerns have been raised.

At Forest Park, surgeries meant big bucks.

When the hospital opened in 2009, there was already a healthy competition for patients. Forest Park had another challenge: It wasn’t in any insurance networks and it didn’t accept Medicare patients.

Forest Park’s top administrator, Alan Beauchamp, didn’t mince words about the urgency of patient referrals.

“We need more bodies on the table,” he told Israel Ortiz, a clinic owner and co-defendant who admitted to selling patients to Forest Park.

The question then for hospitals, especially new ones, is how to legally attract patients without offering improper financial incentives.

Jacob T. Elberg, an associate professor at Seton Hall University School of Law in New Jersey, understands those business pressures.

When he was a federal prosecutor, he led a massive kickback prosecution in New Jersey that ultimately resulted in the convictions of over 50 defendants, including 38 doctors. The case, which wrapped up last year, involved a lab called Biodiagnostic Laboratory Services, which paid kickbacks to doctors for patient referrals.

Elberg’s case is believed to be the first time a federal jury convicted someone of violating the Travel Act in a health care fraud case.

The Travel Act was passed in 1961 to crack down on organized crime. The law makes it illegal to use the mail or other forms of interstate commerce to commit any “unlawful activity,” such as bribery. The federal law essentially piggybacks on state commercial bribery laws like the one in Texas, which apply to health care schemes involving private health insurance.

The government doesn’t even have to show patient harm in such cases.

Elberg, who was chief of the District of New Jersey’s health care and government fraud unit, said many states don’t have the resources or the expertise to take on large-scale prosecutions for health care bribes and kickbacks.

Texas has never enforced its commercial bribery law, according to testimony in the Forest Park trial.

“This is an area where there hasn’t been as much enforcement as there should be,” Elberg said.

Certain health care providers have taken advantage of that for years, he said. But Elberg said his case had a major deterrent effect.

“We were aware of misconduct that was ongoing that stopped as a result of this,” he said.

Oberheiden, the Dallas lawyer, said having a marketing contract that on its face complies with the law will no longer suffice for doctors.

“If the motives behind it are not legitimate, then the contract is not worth the paper it’s written on,” he said.

Lawyers, Oberheiden said, will need to be careful about authorizing such contracts and then closing their eyes to what they will be used for. And clients need to understand that “if undisclosed motives don’t match the language of the contract, then it’s useless.”

Jeff Ansley, a Dallas health care lawyer, called the Forest Park case and its use of the Travel Act a creative yet “very aggressive prosecution.”

He said the case will add confusion to the question of which doctor business practices are appropriate. The Justice Department should provide more legal guidance on the matter, Ansley said, particularly since doctors aren’t trained in the business of medicine.

“There is a lot of gray out there,” he said of doctor marketing arrangements. “It’s increasingly unclear where the lines are.”

In the Forest Park case, well-educated and respected practitioners had their business agreements vetted by lawyers and still got convicted, Ansley said. They included surgeons who pioneered techniques that cut down on infection and speed up recovery.

“You wouldn’t think they went to medical school to commit fraud, and here they are,” Ansley said.

McNiven, the San Francisco lawyer, echoed those concerns, saying those in the health care industry rely on “predictability” in enforcement.

“The application of the Travel Act really upended what people thought were the acceptable rules of the road,” she said. “I do feel like this is hiding the ball.”

Most lawyers are familiar with the federal Stark and anti-kickback laws, but they aren’t thinking about state commercial bribery laws like the one Texas has on the books, she said.

Jason Ross, an attorney for Burt, said the government’s prosecution should concern “individuals and companies in the health care industry.” He said it “marks an expansion of federal law enforcement” by “alleging fraud against private insurers by way of the Travel Act’s ability to federalize state laws.”

“The specter of more aggressive federal criminal enforcement of this type could certainly shift the balance of power in favor insurance companies, to the detriment of health care providers,” Ross said.

Ansley and McNiven said the ultimate impact of the Forest Park case might be to discourage many doctors from engaging in any sort of business relationships.

And that would be bad for doctors and patients, they said.

EDITORS NOTE: We have been reading stories like this for years, and the common answer has always been, “how are we to conduct business if the standard commercial business rules don’t apply?” The answer is very simple – do not engage in any form of quid pro quo, any form of incentive or benefit, or anything that would steer clients as a result of a pecuniary gain, rather than what is in the best interests of the patient. While many providers across all health care paradigms complain that the intent of the laws passed are being abused by law enforcement and causing unreasonable and unpredictable disruption in the health care economy, the issue continues to emphasize the serious conflict between free market enterprise and the public policy regarding healthcare. This issue is clearly going to be a constant theme in the 2020 Presidential election and for many years to come.

The re-posting of this story is for informational purposes only. We are neither endorsing or commenting on any statement made by any lawyer or person in the article. Language inbold letters is for illustration and emphasis purposes only.

SAMHSA Grants for State Targeted Responses (STR) to the Opioid Crisis Appear to be Working

Every so often, we are very happy to report what is otherwise good news.

On March 28, 2019, the US Department of Health and Human Services, Office of Inspector General (OIG) completed Audit A-03-17-03302 of the Substance Abuse and Mental Health Services Administration (SAMHSA) management of the awarded State Targeted Response to the Opioid Crisis (Opioid STR) granted to States and territories to use for programs that address opioid addiction. The 21st Century Cures Act allowed SAMHSA to award $1 billion in funding, half in Federal fiscal year (FY) 2017 and the other half in FY 2018 based on a formula developed by agencies and offices within the Department of Health and Human Services (HHS).

OIG’s stated objective was to determine whether SAMHSA followed HHS grant regulations and program specific requirements when awarding Opioid STR grants authorized under the 21st Century Cures Act.

OIG’s audit covered SAMHSA’s Opioid STR grant award process for FY 2017 (October 1, 2016, through September 30, 2017). During FY 2017, SAMHSA awarded 57 Opioid STR grants totaling $484.5 million. They reviewed documentation provided by SAMHSA pertaining to the grant award process and also evaluated whether SAMHSA’s funding formula was based on the 21st Century Cures Act, reviewed the funding formula elements, and obtained SAMHSA’s explanation for why the elements were chosen.  The OIG also reviewed the formula calculation methodology that SAMHSA used to determine the funding amounts for each of the 57 grants.

The results of that audit were very positive – the OIG found that SAMHSA followed HHS grant regulations and program-specific requirements when awarding Opioid STR grants authorized under the 21st Century Cures Act. Specifically, SAMHSA performed an adequate review of all 57 grant applications and adequately followed up with applicants to address their concerns. As part of the pre-award process, SAMHSA created teams of expert staff members to review the applications and evaluate the information.

OIG also determined that SAMHSA’s funding formula elements (unmet need for opioid use disorder and drug poisoning deaths) were based on the 21st Century Cures Act. According to SAMHSA, these funding elements provided the most comparable and uniform data on a national scale to assess the prevalence of the opioid crisis.

Lastly, the OIG found that the 2018 State Opioid Response grant legislation provides an additional 15-percent set-aside for the 10 States with the highest mortality rates related to drug poisoning deaths.

It’s always good to learn that when such significant federal funds are set aside for a specific purpose, particularly a response to the national opioid epidemic, that those funds appear to be spent as and where they are supposed to be.

A summary of the report can be found here.

The full report can be found here.