HITECH (the Heath Information Technology for Economic and Clinical Health Act) was part of ARRA (the American Recovery and Reinvestment Act) of 2009.  HITECH included some good news in that it provides over $19 billion to promote the adoption of electronic medical records through incentive payments. There are provisions for substantial payments to eligible professionals and eligible hospitals that are “meaningful users” of Electronic Health Records. Rules have recently been published both to address the incentives and penalties for not using EHR “meaningfully”. The legislation provides significant financial incentives through the Medicare and Medicaid programs to encourage doctors and hospitals to adopt and use certified electronic health records. Physicians will be eligible for $40,000 to $65,000 for showing that they are meaningfully using health information technology, such as through the reporting of quality measures. Hospitals will be eligible for several million dollars in the Medicaid and Medicare programs to similarly use health information technology. Federally qualified health centers, rural health clinics, children’s hospitals and others will be eligible for funding through the Medicaid program.

The other part of the new law which may make it more challenging to either be a health provider or do business with such a provider is that HITECH also made some substantial changes to HIPAA (Health Insurance Portability and Accountability Act of 1996). Some highlights of these changes include: (1) a requirement that covered entities notify individuals of breaches involving their PHI (protected Health Information); (2) that new Business associate agreements are required that provide that Business associates will be directly responsible to HHS for the use and disclosure of PHI and that they will be directly subject to civil and criminal penalties; (3) that Covered entities must account to HHS for disclosures of PHI; (4) that Covered entities are prohibited from selling PHI without an authorization from the patient; (5) a limitation on the potential for using PHI for marketing purposes; (6) a major increase in the civil penalties for HIPAA violations and (7) a provision that permits the enforcement of HIPAA by State Attorney Generals.

Before ARRA, HIPAA required that covered entities such as hospitals, physicians and health plans had to enter into contracts (known as “business associate agreements”) with entities performing functions or providing services on their behalf if those functions or services involved the exchange of health information. The contracts had to require that business associates use appropriate security safeguards to protect the health information they received from the covered entity. These agreements also set forth the permitted uses and disclosures of such health information. However, prior to ARRA, business associates themselves were not directly subject to governmental enforcement action: the only remedy available against a business associate was for a covered entity to sue for breach of contract. Under the new law, business associates are now required to directly comply with most provisions of the HIPAA Security Rule. They also must comply with any changes to the Privacy Rule that were part of ARRA regardless of whether or not their contracts with covered entities contain those provisions Business associates can now be held directly accountable by federal or state authorities for any failure to comply with HIPAA as amended by ARRA or applicable regulations.

Additionally the new law requires that covered entities which become aware of breaches of “unsecured” health information comply with certain notification provisions. ARRA includes specific provisions regarding the content, methods and timing of notification. Notice must be afforded no later than 60 days after the discovery of the breach. A breach is considered to be “discovered” when at least one employee of the entity (other than the person responsible for the breach) knows (or reasonably should know) of the breach. Notice is required to be provided to media outlets if the information of more than 500 individuals is involved. Notice of all breaches also must be provided to the Secretary (immediately if the breach involves the information of more than 500 individuals and in an annual log for breaches that do not trigger this threshold.) The Secretary is required to include a list on the HHS website of covered entities involved in breaches of more than 500 individuals’ information, and must annually report to Congress on the number and nature of any breaches that occurred during that year.

If you have any questions about how this new law may affect you or your business, be sure to visit our Business Litigation page, or contact us directly to deal with an experienced business attorney.

Comments Off

The Statute of Frauds is an often confusing concept, even to a practicing business attorney. The essence of the doctrine is that certain agreements will be unenforceable in a court of law, unless those agreements are in writing and signed by the party against whom enforcement is sought.  In today’s business climate, where it must be assumed that no business or person is providing services for free, the application of the Statute of Frauds to an oral business agreement can produce some seemingly unfair results.

            Such was the case in Snyder v. Bronfman (2009 NY Slip Op 8667 [2009]), a recent Court of Appeals case.  In this case, the Plaintiff, Robert Snyder, was at first a casual business acquaintance of Defendant Edgar Bronfman, a wealthy New York City investor.  The parties then orally agreed that plaintiff would function as defendant’s “experienced right hand’, ‘sounding board’, ‘loyal ally’, ‘principal advisor’, and most importantly, his ‘consigliore”, in connection with a joint venture to acquire and operate companies in the media business. 

            Thereafter, Plaintiff worked on trying to put together acquisitions for the joint venture. He developed for the parties’ joint venture, a series of business relationships with key figures in the corporate and investment banking communities.  He apparently spent countless hours working on aborted deals, before finally bringing to fruition a deal to acquire Warner Music from Time Warner.  Although there was no debate in the record that Plaintiff was a major contributor to the success of the deal, after the deal had closed, Defendant refused to compensate Plaintiff for his efforts in bringing about the deal. 

            Plaintiff then sued, and the Defendant moved to dismiss the complaint.  The Court, in affirming the lower court’s decision granting Defendant’s motion, held that (1) the parties did not have an enforceable contract because the terms of the parties’ agreement were too indefinite, and (2) that Plaintiff’s quasi-contract claim to recover the reasonable value of the years of work he performed finding Defendant a business to acquire and causing an acquisition to take place, was barred by the Statute of Frauds provision relating to negotiating the purchase of a business opportunity.  As a result, despite the clear understanding of the parties that Plaintiff would be compensated in some capacity for his efforts, the Court held that Plaintiff had, in essence, worked for free in bringing about a $2 billion transaction.    

            While this case does not seem to have changed the law, it does bring forth a stark reminder that potential business partners need to firm up their understandings of a deal and put it in writing, before they begin expending resources to bring it about.  Otherwise, the law may not provide a remedy to the aggrieved party, no matter how unfair the circumstances seem. If you require legal advice about your business, contact us and deal with an experienced business attorney.

Comments Off