Emerging Health Care Litigation Issues: The Times They Are A-Changin’

By Cori H. Loomis

If you are old enough (or cool enough), you will recall a great Bob Dylan song titled “The Times They Are A-Changin’.” The title, and even some of the lyrics,1 seem especially appropriate for this topic. The implementation of the Patient Protection and Affordable Health Care Act (ACA),2 a spike in qui tam litigation and the proliferation of HIPAA3 class actions have all given rise to a host of new potential liability risks or potential claims, depending on your perspective. The purpose of this article is to discuss these emerging litigation issues.


We are just now beginning to get a glimpse of litigation that may arise under the ACA, other than the constitutional legal challenges and other challenges regarding its content. In early April, a group of plaintiffs in Nevada filed the first class action lawsuit over a state insurance marketplace.4 The lead plaintiffs assert that they purchased plans and paid premiums through the Nevada Health Link Insurance exchange. They were later informed they had no insurance coverage after incurring significant health care expenses, because the exchange failed to submit their applications and premiums to the insurance companies they selected. One plaintiff claims to owe more than $400,000 in medical bills. The class consists of all Nevada residents who applied for and paid health insurance premiums through the exchange but were denied coverage.

Even though Oklahoma did not implement a state exchange, similar administrative snafus could result in the federal exchange or other states. This lawsuit raises several legal questions about the viability of this type of lawsuit. First is whether and to what extent the state or federal exchanges may be held liable for damages. The second is whether class actions can be maintained against the exchanges. Third is whether tort damages can be established.

Another example of litigation that may arise from the ACA is the possibility that employees will file lawsuits against their employers for negative consequences occurring if the employer restructures their workforce as a response to the employer pay or play mandate.5 According to a 2014 employer survey conducted by Towers Watson and the National Business Group for Health, 95 percent of respondents continue to view benefits packages that include health coverage as something worth retaining. However, 92 percent of the respondents plan to make changes in the near-term to lessen their coverage responsibilities.6

Some employers have considered limiting the hours worked by certain employees to less than 30 to reduce the number of employees who are eligible for health plan coverage. Utilizing this strategy may raise issues under Section 510 of the Employee Retirement Income Security Act of 1974 (ERISA).

Section 510 of ERISA provides that, “It shall be unlawful for any person to discharge, fine, suspend, expel, discipline or discriminate against a participant or beneficiary for exercising any right to which he is entitled under the provisions of an employee benefit plan or for the purpose of interfering with the attainment of any right to which such participant may become entitled under the plan.”

Employees who may have been eligible for benefits as a “full-time employee equivalent” may assert any reduction in hours was “interfering with the attainment” of health plan coverage in violation of ERISA. To counter this argument, employers will assert that an employee who does not satisfy the definition of a full-time employee would not be entitled to health coverage in any circumstance. However, this argument may not succeed against “variable” hour employees who sometimes worked more than 30 hours a week and may have been entitled to health coverage pursuant to the formula used to determine full-time employee equivalents.

Since the employer mandate has been delayed until 2015 (and 2016 for employers with 50-99 employees), no claims have been filed on this issue as of yet, but speculation is that they will once the mandate goes into effect.


 In 2013, the federal government collected over $345 million from lawsuits filed by qui tam relators (whistleblowers). Of the 845 new False Claims Act (FCA)7 cases filed in 2013, whistleblowers filed 752 of them — a new record. A qui tam relator may receive as much as 30 percent of an FCA settlement, so the upward trend of filings will likely continue.
Examples of cases resolved in 2013 that illustrate the financial incentives and consequences at stake include the following:

    1)    Johnson & Johnson agreed to pay $2.2 billion to settle criminal and civil allegations that it promoted prescription drugs for off-label uses and paid kickbacks to physicians and pharmacies.
    2)    Tuomey Health care System was hit with a $273 million judgment for violations of the Stark Law, which resulted in more than 20,000 false claims.
    3)    A Florida dermatologist agreed to a $26 million settlement to resolve allegations that he accepted kickbacks from a laboratory and billed federal health care programs for medically unnecessary services. The settlement was one of the largest FCA settlements ever reached with an individual.

Oklahoma providers also have been the subject of whistleblower lawsuits. In April 2014, it was announced that The Medical Center of Southeastern Oklahoma (MCSO) and its parent company, Health Management Association Inc. (HMA), settled a lawsuit initiated by a whistleblower that they billed Medicaid for procedures that were either not medically necessary or were performed in violation. MCSO and HMA agreed to pay $1,065,000 to the federal government and $435,000 to the Oklahoma Medicaid program to resolve the lawsuit.

The specific allegations against MCSO were that it billed SoonerCare for unnecessary surgical procedures performed by the doctor. The whistleblower asserted that the doctor performed sinus surgeries that were not medically necessary on children who were Medicaid beneficiaries. Although the case was filed in 2012, the claims were for services performed from 2005 through 2010.

Because of the financial incentives involved, whistleblower litigation likely will continue to escalate and both the federal and state governments are getting in on the action. This trend will be facilitated by increased access to data (as discussed in the next section) that may make it easier to file whistleblower cases.


The payment and financial information that must now be publicly reported pursuant to the Physician Payments Sunshine Act (Sunshine Act) and the Center of Medicare and Medicaid Services’ (CMS) new policy of disclosing payments to physicians are expected to drive more qui tam litigation.

The Sunshine Act was passed as part of the ACA8 and requires pharmaceutical, medical device, biological and medical supply manufacturers to report to the Department of Health and Human Services any “payment or other transfer of value” to physicians and teaching hospitals. Manufacturers were required to submit their first reports to CMS by March 31, 2014, and CMS will release the first publication by Sept. 30, 2014. The report must include information about the amount of the payment, the date on which the payment was made, the form of payment, and the nature of the payment (e.g., gifts, consulting fees, entertainment).

The policy goal of the Sunshine Act was articulated by CMS Deputy Administrator for Program Integrity Peter Budetti, M.D., as: “You should know when your doctor has a financial relationship with the companies that manufacture or supply the medicines or medical devices you may need. Disclosure of these relationships allows patients to have more informed discussions with their doctors.”

On April 9, 2014, CMS released, for the first time, information detailing approximately $77 billion in Medicare payments to more than 880,000 health care professionals.9 In an April 2, 2014 letter to the American Medical Association (AMA), CMS said that the release is required under the Freedom of Information Act, and that “the data to be released would assist the public’s understanding of Medicare fraud, waste and abuse, as well as shed light on payments to physicians for services furnished to Medicare beneficiaries, which are governed by statutory requirements that CMS must follow.”

It is anticipated that these new sources of payment data will increase whistleblower lawsuits. On April 14, 2014, Reuters released an article that stated: “Within hours of the U.S. government’s unprecedented release last week of a trove of Medicare billing data, a small fraternity of lawyers who specialize in representing whistleblowers in health care fraud cases began to mobilize.”10

The data released pursuant to the Sunshine Act and by CMS may provide facts to support a plaintiff’s whistleblower lawsuit. On the flip side, the FCA “public disclosure bar,” which is triggered when the fraud allegations were in the public domain before a qui tam relator filed suit, may make it more difficult for whistleblowers to successfully prosecute such claims.


Even though HIPAA does not have a private right of action, a trend has developed in which a violation of HIPAA serves as a breach of duty by the covered entity in negligence cases, fiduciary duty cases, and violation of privacy cases. For example, in I.S. v. Washington University,11 the judge recognized that there was no individual private right of action under HIPAA. However, the judge also concluded that under Missouri law, HIPAA could be used to establish a standard of care, and that HIPAA could also be used to establish a legal duty of care.

In a more recent West Virginia Supreme Court case,12 the court concluded that HIPAA did not preempt common law tort claims stemming from allegations of the wrongful disclosure of health information. The plaintiff in the case sued the hospital because several hospital employees im-properly accessed his medical records in violation of a number of state laws. Allegedly, the hospital employees informed the man’s estranged wife and her divorce attorney of his psychiatric hospitalization. The hospital argued that HIPAA preempted the patient’s state law claims. The court disagreed and concluded that common law claims based on wrongful disclosure of medical or personal information are not preempted by HIPAA. It is unclear how Oklahoma courts will address state law claims based on HIPAA, but it is likely they will follow the rulings and trends in other states.

Another new, and potentially more devastating, consequence for violations of HIPAA is the emergence of class actions resulting from data breaches involving large numbers of people. Previously, the requirements for standing in a federal class action have precluded most consumer litigation alleging data breach. Actual or imminent injury was necessary for standing.13

However, the class action settlement in Curry v. AvMed Inc.,14 approved Feb. 28, 2014, may indicate that courts are willing to entertain a lower threshold for class action status in data breach cases. The facts of AvMed were that laptops that contained unencrypted protected health information of over one million health plan members were lost. Evidence showed that numerous plan members sustained financial injury as the victims of identity theft. This allowed an inference that AvMed’s failure to secure the data resulted in identity thefts and that there was a sufficient nexus between the data breach and the identity theft.

Several other class action lawsuits have been filed based on data breaches. These cases demonstrate that covered entities need to reevaluate their information technology practices and determine whether encryption software is a good investment, as opposed to the high costs of litigation, breach notification protocols, potential penalties and damages paid to plaintiffs damaged by breaches.

This article only scratches the surface of the potential new causes of action that may be arising from the rapidly changing and evolving health care landscape. In-house and outside counsel, plaintiff and defense attorneys will all have to monitor developments closely to best position their clients in this evolving environment.

1. Lyric from The Times They Are A-Changin’: “Come senators, congressmen, please heed the call; Don’t stand in the doorway, don’t block the hall; For he that gets hurt will be he who is stalled; There’s a battle outside, it’s raging; It’ll soon shake your windows and rattle your walls. For the times they are a changin’.”
2. Patient Protection and Affordable Health Care Act, Pub.L. 111−148, 124 Stat. 119, H.R. 3590, enacted March 23, 2010.
3. The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) was enacted by the United States Congress and signed by President Bill Clinton in 1996. HIPAA was amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. No. 111-5, 123 Stat. 226 (Feb. 17, 2009), codified at 42 U.S.C. §§300jj et seq.; §§17901 et seq.
4. “First class-action lawsuit filed over Nevada’s insurance marketplace,” Las Vegas Review-Journal by Jennifer Robinson (April 1, 2014) www.reviewjournal.com/business/first-class-action-lawsuit-filed-over-nevada-s-insurance-marketplace.
5. The “employer mandate” generally requires employers with 50 or more full-time (and full-time equivalents or FTEs) to provide “affordable” health insurance to 95 percent of their full-time employees or face paying a penalty.
6. www.towerswatson.com/en/Insights/IC-Types/Survey-Research-Results/2014/03/towers-watson-nbgh-employer-survey-on-purchasing-value-in-health-care.
7. 31 U.S.C. §3729 et seq.
8. Section 6002 of the ACA, 2010.
9. See, “Medicare Released Individual Physician Payment Data,” Medscape Medical News (Mark Crane, April 9, 2014). wwwmedscape.com/viewarticle/823360.
10. “Lawyers start mining the Medicare data for clues to fraud,” by Terry Baynes, April 14, 2014. www.reuters.com/article/2014/04/14/us-data-idUSBREA3DO582)140414.
11. I.S. v. Washington University, Dist. Court, ED Missouri 2011, Case Number 4:11CV235SNLJ.
12. R.K. v. St. Mary’s Med. Ctr., Inc., No. 11-0924 (W.Va. Nov. 15, 2012)/
13. See, Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013).
14. Civil Action No. 10-cv-24513 (Southern District of Florida).


Cori H. Loomis of Crowe & Dunlevy PC is a director in the business department and a member of the firm’s health care practice group. Her primary focus is on the representation of health care providers with transactional, compliance, reimbursement, legislative and regulatory compliance issues. Ms. Loomis graduated with special distinction from OU in 1991 and with honors from the University of Texas School of Law in 1994.

Originally published in the Oklahoma Bar Journal - Oct. 4, 2014 - Vol. 85, No.26

Webcast encores are available for OBA/CLE seminars. View the catalog and sign up today.