By: Chelsea Gulinson, Milligan Lawless, P.C.
Though overshadowed by the COVID-19 Pandemic, the Opioid Epidemic has quietly charged forward, with over 100,000 Americans dying from drug overdoses in 2021. State, local, and tribal governments have filed thousands of lawsuits against companies and individuals responsible for producing, manufacturing, distributing, or prescribing opioids seeking to hold them accountable for their role in the Epidemic. Novel legal theories, such as public nuisance violations, have been successful in some jurisdictions, but have failed in others. Some verdicts have been upheld; others reversed or remanded.
Despite this uncertain legal landscape, several Big Pharma companies have recently settled with state governments for billions of dollars and injunctive relief. Whether such an influx of cash will truly mitigate the effects of the Opioid Epidemic on the victims—those suffering from substance use disorder and families grieving their lost loved ones—is yet to be determined. This blog post briefly describes the current state of the Opioid Epidemic and recent developments in related litigation.
From 1999 to 2019, almost 500,000 Americans died from a drug overdose involving an opioid. The first wave of the Opioid Epidemic began in 1999 with increased prescriptions of opioids. In 2010, the second wave saw rapid increases in overdose deaths involving heroin. The third wave commenced in 2013, with drug overdose deaths overwhelmingly characterized by synthetic opioids, particularly fentanyl.[i]
In 2019, 70,630 drug overdose deaths occurred in the United States, a 4.3% increase from 2018. Nearly 50,000 deaths were attributable to opioids, over 36,000 involving synthetic opioids.[ii] In 2020, drug overdose deaths increased to nearly 100,000 Americans, a 30% increase from 2019. The COVID-19 Pandemic, which claimed the lives of over 1 million Americans, exacerbated the Opioid Epidemic by disrupting access to prevention, treatment, and harm reduction services. It also highlighted ongoing disparities in access to health care among minority groups. For example, drug overdose deaths disproportionately increased among Black and American Indian/Alaskan Native persons from 2019 to 2020 due to stigmatization, criminalization, and lack of access to evidence-based treatments.[iii] “Provisional” data from the CDC indicate that over 100,000 Americans died from a drug overdose in 2021.[iv]
In 2020, almost 4,000 non-fatal opioid overdoses occurred in Arizona, with 1,886 opioid-related overdose deaths. In 2021, Arizonans suffered 3,555 non-fatal opioid overdose events, and over 2,000 Arizona residents died from opioid-related overdoses. As of September 8, 2022, nearly 2,000 non-fatal opioid overdoses have occurred, and 372 Arizona residents have died from an opioid-related overdose.[v]
Data about opioid prescribing rates help illuminate how the Opioid Epidemic began, why it persists, and why many hold Big Pharma responsible for the Epidemic. Of individuals who began abusing opioids in the 1960s, more than 80% started with heroin. In contrast, of those who began abusing opioids in the 2000s, 75% started with a prescription drug, and nearly 80% of heroin users reported using prescription opioids before using heroin.[vi]
The opioid prescribing rate began to increase steadily in 2006, peaking in 2012 at more than 255 million opioid prescriptions, with a dispensing rate of 81.3 prescriptions per 100 persons. The national opioid dispensing rate declined between 2012 to 2020, with 43.3 opioid prescriptions per 100 persons in 2020 (still, more than 142 million opioid prescriptions). Although 2020 saw the lowest opioid dispensing rate to date, for which we have data, dispensing rates remained high in specific hotspots across the country. In 2020, Southern states, including Kentucky, Tennessee, Alabama, Louisiana, Mississippi, and Arkansas, saw an opioid dispensing rate between 64.1 and 82.9 opioid prescriptions per 100 persons. And some counties saw opioid dispensing rates of over 112.5 opioid prescriptions per 100 persons.[vii]
One of the first Opioid Epidemic lawsuits commenced in 2017, when the State of Oklahoma sued Johnson & Johnson, Purdue Pharma, and Teva Pharmaceuticals, alleging that the companies deceptively marketed opioids in Oklahoma. After settling with Purdue Pharma and Teva Pharmaceuticals, the State dismissed all claims against Johnson & Johnson except a novel public nuisance argument. After a 33-day bench trial, the Court held that Johnson & Johnson, “acting in concert with others, embarked on a major campaign in which they used branded and unbranded marketing to disseminate the messages that pain was being undertreated and ‘there was a low risk of abuse and a low danger’ . . . designed to reach Oklahoma doctors through multiple means and at multiple times over the course of the doctor’s professional education and career.”[viii] The Court awarded a $572 million judgment against Johnson & Johnson. On November 9, 2021, however, the Oklahoma Supreme Court overturned the verdict against Johnson & Johnson, holding that Oklahoma’s public nuisance law did not extend to the manufacturing, marketing, and selling of prescription opioids.[ix] Oklahoma later settled with Johnson & Johnson, McKesson, Cardinal, and AmerisourceBergen for $26 billion.[x]
New Hampshire filed suit against Johnson & Johnson’s subsidiaries in 2018, alleging that the company misrepresented that their opioids were safer than alternatives in aggressive marketing to prescribers and patients. New Hampshire also alleged that the company “disseminated misleading statements about opioids, that they promoted the false concept of pseudoaddiction and that they misrepresented that their opioids were rarely addictive when used for chronic pain.” On September 1, 2022, Johnson & Johnson entered into a $40.5 million settlement with New Hampshire, with $21.5 million of the settlement to be used for opioid abatement purposes. Along with the settlement payment, Johnson & Johnson agreed to a ban on selling and manufacturing opioids, promoting opioids and opioid products, and prescription savings programs, as well as lobbying restrictions and stringent enforcement provisions.[xi]
The Ohio Multi-District Litigation – a consolidation of over 3,000 cases brought by state, local, and tribal governments – has recently held pharmacies responsible for their role in the Opioid Epidemic. On August 17, 2022, a court ordered CVS, Walgreens, and Walmart to pay $650.5 million to two Ohio counties after a jury returned a verdict against them last November. The jury found the defendants liable for causing a public nuisance by intentional and illegal conduct, such as oversupplying legal prescription opioids that were diverted into illicit markets.[xii] A spokesperson for CVS indicated the company would appeal, claiming that CVS’s pharmacists “fill legal prescriptions written by D.E.A.-licensed doctors who prescribe legal, F.D.A.-approved substances to treat actual patients in need.” A Walmart spokesperson blamed the “real causes of the opioid crisis, like pill mill doctors, illegal drugs and regulators asleep at the switch.”[xiii]
Pharmacies have attempted to shift blame to physicians, but the Supreme Court recently sided with two physicians convicted of unlawfully dispensing and distributing drugs and sentenced to more than 20 years in prison. The Supreme Court vacated the physicians’ convictions and rejected the government’s mens rea standard of an “objectively reasonable good-faith effort.” Instead, the Supreme Court held that the government “must prove beyond a reasonable doubt that the defendant knowingly or intentionally acted in an unauthorized manner.”[xiv]
States, municipalities, and tribal nations have filed suits against various parties, including pharmaceutical companies, manufacturers, distributors, and doctors. Big Pharma has been accused of, and found liable for, oversupplying Americans with billions of pain medications. As settlements occur, many question whether the government should also be held responsible for its failures in preventing and combating the Epidemic. For example, some point to the FDA’s approval of OxyContin’s revised 2001 label for “around-the-clock” pain relief. Others find fault with the DEA due to the agency’s slow response to the significant increase in the use and diversion of opioids, failure to use available resources, and inadequate policies that did not hold registrants accountable or prevent diversion of pharmaceutical opioids.[xv] And although defendants have agreed to pay billions of dollars to help compensate victims, others are not confident that governments receiving the settlement funds will spend these funds effectively. Perhaps jaded by states’ misspending of their annual proceeds from the $246 billion tobacco Master Settlement Agreement, the likelihood of fights between state and local governments, and politicians on both sides of the political spectrum, critics are rightly concerned about whether the victims of the Opioid Epidemic will see any meaningful relief.[xvi]
[i] Understanding the Epidemic, CDC, https://www.cdc.gov/drugoverdose/epidemic/index.html (last accessed Sept. 8, 2022).
[ii] Christine L. Mattson, Ph.D. et al., Trends and Geographic Patterns in Drug and Synthetic Opioid Overdose Deaths – United States, 2013 – 2019, Morbidity and Mortality Weekly Report, CDC, Feb. 12, 2021, available at https://www.cdc.gov/mmwr/volumes/70/wr/mm7006a4.htm?s_cid=mm7006a4_w.
[iii] Mbabazi Kariisa, PhD et al., Vital Signs: Drug Overdose Deaths, by Selected Sociodemographic and Social Determinants of Health Characteristics – 25 States and the District of Columbia, 2019-2020, Morbidity and Mortality Weekly Report, CDC, July 22, 2022, available at https://www.cdc.gov/mmwr/volumes/71/wr/mm7129e2.htm?s_cid=mm7129e2_w#suggestedcitation.
[iv] Provisional Drug Overdose Death Counts, National Center for Health Statistics, CDC, https://www.cdc.gov/nchs/nvss/vsrr/drug-overdose-data.htm#notes (last accessed Sept. 8, 2022).
[v] Weekly Opioid Data, Opioid Prevention, Arizona Department of Health Services, https://www.azdhs.gov/opioid/ (last accessed Sept. 8, 2022).
[vi] Prescription Opioids and Heroin Research Report, National Institute on Drug Abuse, Rev. Jan. 2018, available at https://nida.nih.gov/download/19774/prescription-opioids-heroin-research-report.pdf?v=fc86d9fdda38d0f275b23cd969da1a1f.
[vii] U.S. Opioid Dispensing Rate Map, CDC, available at https://www.cdc.gov/drugoverdose/rxrate-maps/index.html (last accessed Sept. 8, 2022).
[viii] Judgment After Non-Jury Trial, State of Oklahoma ex rel. Hunter v. Purdue Pharma, L.P. et al., District Court of Cleveland County State of Oklahoma, case no. CJ-2017-816 (Aug. 26, 2019), available at https://int.nyt.com/data/documenthelper/1660-oklahoma-opioid-trial-johnson-and-johnson/79f3fe55f5fa1a75bd48/optimized/full.pdf#page=1.
[ix] District Court’s Judgment Reversed, State of Oklahoma ex rel. Hunter v. Johnson & Johnson et al., Supreme Court of the State of Oklahoma, case no. 118,474 (Nov. 9, 2021), available at https://www.washingtonpost.com/context/oklahoma-court-overturns-465m-opioid-ruling-against-j-j/159ce2c6-f6ba-4e6a-bfaa-539702c744be/?itid=lk_inline_manual_4.
[x] Christine Minhee, States and Localities Have $38 Billion (Ish) on the Table, available at https://www.opioidsettlementtracker.com/globalsettlementtracker (last access Sept. 9, 2022).
[xi] Attorney General Reaches $40.5 Million Settlement with Johnson & Johnson to Settle Opioid Claims, New Hampshire Department of Justice, Sept. 1, 2022, https://www.doj.nh.gov/news/2022/2022901-opioid-settlement.htm.
[xii] Abatement Order, In re National Prescription Opiate Litigation, United States District Court Northern District of Ohio, case no. 1:17-md-2804 (Aug. 17, 2022), available at https://www.ohnd.uscourts.gov/sites/ohnd/files/4611.pdf.
[xiii] Jan Hoffman, CVS, Walgreens and Walmart Must Pay $650.5 Million in Ohio Opioids Case, N.Y. Times (Aug. 18, 2022), available at https://www.nytimes.com/2022/08/17/health/opioids-cvs-walmart-walgreens.html.
[xiv] See Siulu Ruan v. United States, Supreme Court of the United States, case no. 20-1410 (June 27, 2022), available at https://www.supremecourt.gov/opinions/21pdf/20-1410_1an2.pdf.
[xv] Review of the Drug Enforcement Administration’s Regulatory and Enforcement Efforts to Control the Diversion of Opioids, Office of the Inspector General, U.S. Department of Justice (Sept. 2019), available at https://oig.justice.gov/reports/2019/e1905.pdf.
[xvi] See Christine Minhee, supra note x, at https://www.opioidsettlementtracker.com/faq/#bigtobacco.
Subtenant – Coppersmith Brockelman PLC
Senior Privacy Program Director – Banner Health
Find your path in health care. We want to change the lives of those in our care – and the people who choose to take on this challenge. If you’re…
Assistant General Counsel – Phoenix Children’s Hospital
Position Summary: The Assistant General Counsel will report to the Phoenix Children’s Hospital Executive Vice President and General Counsel and provide a broad range of in-house legal support to the …
Opioid Epidemic Litigation Update: Defendants Are Settling, but Who Will Benefit?
By: Chelsea Gulinson, Milligan Lawless, P.C.
Though overshadowed by the COVID-19 Pandemic, the Opioid Epidemic has quietly charged forward, with over 100,000 Americans dying from drug overdoses in 2021. State, local, and tribal governments have filed thousands of lawsuits against companies and individuals responsible for producing, manufacturing, distributing, or prescribing opioids seeking to hold them accountable for their role in the Epidemic. Novel legal theories, such as public nuisance violations, have been successful in some jurisdictions, but have failed in others. Some verdicts have been upheld; others reversed or remanded.
Despite this uncertain legal landscape, several Big Pharma companies have recently settled with state governments for billions of dollars and injunctive relief. Whether such an influx of cash will truly mitigate the effects of the Opioid Epidemic on the victims—those suffering from substance use disorder and families grieving their lost loved ones—is yet to be determined. This blog post briefly describes the current state of the Opioid Epidemic and recent developments in related litigation.
From 1999 to 2019, almost 500,000 Americans died from a drug overdose involving an opioid. The first wave of the Opioid Epidemic began in 1999 with increased prescriptions of opioids. In 2010, the second wave saw rapid increases in overdose deaths involving heroin. The third wave commenced in 2013, with drug overdose deaths overwhelmingly characterized by synthetic opioids, particularly fentanyl.[i]
In 2019, 70,630 drug overdose deaths occurred in the United States, a 4.3% increase from 2018. Nearly 50,000 deaths were attributable to opioids, over 36,000 involving synthetic opioids.[ii] In 2020, drug overdose deaths increased to nearly 100,000 Americans, a 30% increase from 2019. The COVID-19 Pandemic, which claimed the lives of over 1 million Americans, exacerbated the Opioid Epidemic by disrupting access to prevention, treatment, and harm reduction services. It also highlighted ongoing disparities in access to health care among minority groups. For example, drug overdose deaths disproportionately increased among Black and American Indian/Alaskan Native persons from 2019 to 2020 due to stigmatization, criminalization, and lack of access to evidence-based treatments.[iii] “Provisional” data from the CDC indicate that over 100,000 Americans died from a drug overdose in 2021.[iv]
In 2020, almost 4,000 non-fatal opioid overdoses occurred in Arizona, with 1,886 opioid-related overdose deaths. In 2021, Arizonans suffered 3,555 non-fatal opioid overdose events, and over 2,000 Arizona residents died from opioid-related overdoses. As of September 8, 2022, nearly 2,000 non-fatal opioid overdoses have occurred, and 372 Arizona residents have died from an opioid-related overdose.[v]
Data about opioid prescribing rates help illuminate how the Opioid Epidemic began, why it persists, and why many hold Big Pharma responsible for the Epidemic. Of individuals who began abusing opioids in the 1960s, more than 80% started with heroin. In contrast, of those who began abusing opioids in the 2000s, 75% started with a prescription drug, and nearly 80% of heroin users reported using prescription opioids before using heroin.[vi]
The opioid prescribing rate began to increase steadily in 2006, peaking in 2012 at more than 255 million opioid prescriptions, with a dispensing rate of 81.3 prescriptions per 100 persons. The national opioid dispensing rate declined between 2012 to 2020, with 43.3 opioid prescriptions per 100 persons in 2020 (still, more than 142 million opioid prescriptions). Although 2020 saw the lowest opioid dispensing rate to date, for which we have data, dispensing rates remained high in specific hotspots across the country. In 2020, Southern states, including Kentucky, Tennessee, Alabama, Louisiana, Mississippi, and Arkansas, saw an opioid dispensing rate between 64.1 and 82.9 opioid prescriptions per 100 persons. And some counties saw opioid dispensing rates of over 112.5 opioid prescriptions per 100 persons.[vii]
One of the first Opioid Epidemic lawsuits commenced in 2017, when the State of Oklahoma sued Johnson & Johnson, Purdue Pharma, and Teva Pharmaceuticals, alleging that the companies deceptively marketed opioids in Oklahoma. After settling with Purdue Pharma and Teva Pharmaceuticals, the State dismissed all claims against Johnson & Johnson except a novel public nuisance argument. After a 33-day bench trial, the Court held that Johnson & Johnson, “acting in concert with others, embarked on a major campaign in which they used branded and unbranded marketing to disseminate the messages that pain was being undertreated and ‘there was a low risk of abuse and a low danger’ . . . designed to reach Oklahoma doctors through multiple means and at multiple times over the course of the doctor’s professional education and career.”[viii] The Court awarded a $572 million judgment against Johnson & Johnson. On November 9, 2021, however, the Oklahoma Supreme Court overturned the verdict against Johnson & Johnson, holding that Oklahoma’s public nuisance law did not extend to the manufacturing, marketing, and selling of prescription opioids.[ix] Oklahoma later settled with Johnson & Johnson, McKesson, Cardinal, and AmerisourceBergen for $26 billion.[x]
New Hampshire filed suit against Johnson & Johnson’s subsidiaries in 2018, alleging that the company misrepresented that their opioids were safer than alternatives in aggressive marketing to prescribers and patients. New Hampshire also alleged that the company “disseminated misleading statements about opioids, that they promoted the false concept of pseudoaddiction and that they misrepresented that their opioids were rarely addictive when used for chronic pain.” On September 1, 2022, Johnson & Johnson entered into a $40.5 million settlement with New Hampshire, with $21.5 million of the settlement to be used for opioid abatement purposes. Along with the settlement payment, Johnson & Johnson agreed to a ban on selling and manufacturing opioids, promoting opioids and opioid products, and prescription savings programs, as well as lobbying restrictions and stringent enforcement provisions.[xi]
The Ohio Multi-District Litigation – a consolidation of over 3,000 cases brought by state, local, and tribal governments – has recently held pharmacies responsible for their role in the Opioid Epidemic. On August 17, 2022, a court ordered CVS, Walgreens, and Walmart to pay $650.5 million to two Ohio counties after a jury returned a verdict against them last November. The jury found the defendants liable for causing a public nuisance by intentional and illegal conduct, such as oversupplying legal prescription opioids that were diverted into illicit markets.[xii] A spokesperson for CVS indicated the company would appeal, claiming that CVS’s pharmacists “fill legal prescriptions written by D.E.A.-licensed doctors who prescribe legal, F.D.A.-approved substances to treat actual patients in need.” A Walmart spokesperson blamed the “real causes of the opioid crisis, like pill mill doctors, illegal drugs and regulators asleep at the switch.”[xiii]
Pharmacies have attempted to shift blame to physicians, but the Supreme Court recently sided with two physicians convicted of unlawfully dispensing and distributing drugs and sentenced to more than 20 years in prison. The Supreme Court vacated the physicians’ convictions and rejected the government’s mens rea standard of an “objectively reasonable good-faith effort.” Instead, the Supreme Court held that the government “must prove beyond a reasonable doubt that the defendant knowingly or intentionally acted in an unauthorized manner.”[xiv]
States, municipalities, and tribal nations have filed suits against various parties, including pharmaceutical companies, manufacturers, distributors, and doctors. Big Pharma has been accused of, and found liable for, oversupplying Americans with billions of pain medications. As settlements occur, many question whether the government should also be held responsible for its failures in preventing and combating the Epidemic. For example, some point to the FDA’s approval of OxyContin’s revised 2001 label for “around-the-clock” pain relief. Others find fault with the DEA due to the agency’s slow response to the significant increase in the use and diversion of opioids, failure to use available resources, and inadequate policies that did not hold registrants accountable or prevent diversion of pharmaceutical opioids.[xv] And although defendants have agreed to pay billions of dollars to help compensate victims, others are not confident that governments receiving the settlement funds will spend these funds effectively. Perhaps jaded by states’ misspending of their annual proceeds from the $246 billion tobacco Master Settlement Agreement, the likelihood of fights between state and local governments, and politicians on both sides of the political spectrum, critics are rightly concerned about whether the victims of the Opioid Epidemic will see any meaningful relief.[xvi]
[i] Understanding the Epidemic, CDC, https://www.cdc.gov/drugoverdose/epidemic/index.html (last accessed Sept. 8, 2022).
[ii] Christine L. Mattson, Ph.D. et al., Trends and Geographic Patterns in Drug and Synthetic Opioid Overdose Deaths – United States, 2013 – 2019, Morbidity and Mortality Weekly Report, CDC, Feb. 12, 2021, available at https://www.cdc.gov/mmwr/volumes/70/wr/mm7006a4.htm?s_cid=mm7006a4_w.
[iii] Mbabazi Kariisa, PhD et al., Vital Signs: Drug Overdose Deaths, by Selected Sociodemographic and Social Determinants of Health Characteristics – 25 States and the District of Columbia, 2019-2020, Morbidity and Mortality Weekly Report, CDC, July 22, 2022, available at https://www.cdc.gov/mmwr/volumes/71/wr/mm7129e2.htm?s_cid=mm7129e2_w#suggestedcitation.
[iv] Provisional Drug Overdose Death Counts, National Center for Health Statistics, CDC, https://www.cdc.gov/nchs/nvss/vsrr/drug-overdose-data.htm#notes (last accessed Sept. 8, 2022).
[v] Weekly Opioid Data, Opioid Prevention, Arizona Department of Health Services, https://www.azdhs.gov/opioid/ (last accessed Sept. 8, 2022).
[vi] Prescription Opioids and Heroin Research Report, National Institute on Drug Abuse, Rev. Jan. 2018, available at https://nida.nih.gov/download/19774/prescription-opioids-heroin-research-report.pdf?v=fc86d9fdda38d0f275b23cd969da1a1f.
[vii] U.S. Opioid Dispensing Rate Map, CDC, available at https://www.cdc.gov/drugoverdose/rxrate-maps/index.html (last accessed Sept. 8, 2022).
[viii] Judgment After Non-Jury Trial, State of Oklahoma ex rel. Hunter v. Purdue Pharma, L.P. et al., District Court of Cleveland County State of Oklahoma, case no. CJ-2017-816 (Aug. 26, 2019), available at https://int.nyt.com/data/documenthelper/1660-oklahoma-opioid-trial-johnson-and-johnson/79f3fe55f5fa1a75bd48/optimized/full.pdf#page=1.
[ix] District Court’s Judgment Reversed, State of Oklahoma ex rel. Hunter v. Johnson & Johnson et al., Supreme Court of the State of Oklahoma, case no. 118,474 (Nov. 9, 2021), available at https://www.washingtonpost.com/context/oklahoma-court-overturns-465m-opioid-ruling-against-j-j/159ce2c6-f6ba-4e6a-bfaa-539702c744be/?itid=lk_inline_manual_4.
[x] Christine Minhee, States and Localities Have $38 Billion (Ish) on the Table, available at https://www.opioidsettlementtracker.com/globalsettlementtracker (last access Sept. 9, 2022).
[xi] Attorney General Reaches $40.5 Million Settlement with Johnson & Johnson to Settle Opioid Claims, New Hampshire Department of Justice, Sept. 1, 2022, https://www.doj.nh.gov/news/2022/2022901-opioid-settlement.htm.
[xii] Abatement Order, In re National Prescription Opiate Litigation, United States District Court Northern District of Ohio, case no. 1:17-md-2804 (Aug. 17, 2022), available at https://www.ohnd.uscourts.gov/sites/ohnd/files/4611.pdf.
[xiii] Jan Hoffman, CVS, Walgreens and Walmart Must Pay $650.5 Million in Ohio Opioids Case, N.Y. Times (Aug. 18, 2022), available at https://www.nytimes.com/2022/08/17/health/opioids-cvs-walmart-walgreens.html.
[xiv] See Siulu Ruan v. United States, Supreme Court of the United States, case no. 20-1410 (June 27, 2022), available at https://www.supremecourt.gov/opinions/21pdf/20-1410_1an2.pdf.
[xv] Review of the Drug Enforcement Administration’s Regulatory and Enforcement Efforts to Control the Diversion of Opioids, Office of the Inspector General, U.S. Department of Justice (Sept. 2019), available at https://oig.justice.gov/reports/2019/e1905.pdf.
[xvi] See Christine Minhee, supra note x, at https://www.opioidsettlementtracker.com/faq/#bigtobacco.
Deputy General Counsel – AHCCCS
Arizona Health Care Cost Containment System (AHCCCS) Accountability, Community, Innovation, Leadership, Passion, Quality, Respect, Courage, TeamworkThe Arizona Health Care Cost Containment System (AHCCCS), Arizona’s Medicaid agency, is driven by its…
Regulatory and Compliance Lawyer
Warren Recruiting seeks a talented Regulatory and Compliance Lawyer for an In-House Legal role with a tier-one medical institution based in Houston, Texas. The position will focus specifically on research…
Health App Confusion: (Another) Reason for a Comprehensive Federal Data Privacy Framework
By: Chase Millea, Snell & Wilmer[1]
We’ve all had heard it from one of our more active friends:
“Have you tried that latest health app? It tracks your fitness – from what you eat to how you sleep to counting every step you take. You can put in your chronic conditions, medications and the last time you took a sip of water so you can make sure everything is in one place. And since it’s a health app its HIPAA certified so your information is totally secure.”
This example may make some readers of the AzSHA blog chuckle, but the growing number of health apps – from wearable watches to mobile medication management tools – present an interesting challenge for consumers to determine exactly which laws apply to which apps, and, importantly, how their health information is collected, used and disclosed.
In the nearly thirty years since its promulgation, HIPAA – the Health Insurance Portability and Accountability Act – has gained significant traction as a pop-culture norm: when we hear health, we often think HIPAA, and the constraints it places on the sharing of health information.
This normalization may constitute a great achievement for public understanding around rights in “protected health information” or “PHI,” the limited type of health information actually regulated under HIPAA; however, odds are (as supported by impromptu polls of friends, family, and even developers of mobile health apps), the general perception of HIPAA applicability may be much wider than the law provides.
In other words, people hear health in a variety of contexts (whether at a hospital or in a free fitness app) and may think the processing of their health data is always subject to the robust privacy and security protections required under HIPAA.
Of course, HIPAA does not apply in many health app contexts (as described further below). And with the growing number of such products in the marketplace, now may seem like a good time to review the current legal landscape around these products and to think through how a federal data privacy framework may be needed to resolve consumer confusion by setting national standards on the use of personal information (including identifiable health information).
Before we get into proposing amendments to federal law though, let’s start with the status quo. First recall that HIPAA applies to covered entities (i.e., healthcare providers, health plans and healthcare clearinghouses) and their business associates (i.e., organizations providing services to covered entities).[2] If an entity is subject to HIPAA, federal law requires that organization to (i) implement administrative, technical and physical safeguards to prevent the unauthorized access, use or disclosure of PHI, and (ii) not disclose a patient’s PHI without the patient’s authorization, or unless an exception applies.[3]
So, if a primary care physician offers her patients access to an online portal to view their records, as a healthcare provider, that physician is likely required to comply with HIPAA, and it should generally be safe to assume those administrative, technical and physical safeguards (including use and disclosure restrictions) are in place.
Conversely though, the health app from the large software provider that enables consumers to personally track diet, nutrition, medication management and other notes about the individual’s healthcare – HIPAA? Not this time. Since in this case the app provider is not a covered entity nor business associate, the app provider is not subject to HIPAA and so individuals’ information is not guaranteed those same robust federal safeguards. And without a national consumer privacy law governing the use and disclosure of personal information generally, health information that is not PHI (i.e., regulated under HIPAA) does not receive any substantial protections under federal law.
Some states, including California, Colorado and Virginia are addressing this issue through state consumer privacy laws (e.g., the California Consumer Privacy Act or “CCPA”). Many other states are considering similar (and yet non-standard) approaches.[4]
Under the CCPA, certain entities (i.e., for-profit organizations processing data about large quantities of California residents) are required to adhere to rules around the processing of “personal information” (which does include healthinformation not covered under HIPAA).[5] CCPA requires regulated entities to notify consumers of that entity’s uses and disclosures of consumer data (see the “privacy policy” linked at the bottom of nearly every website you visit), and to adhere to consumer requests to review, amend and delete their personal information. Further, the California Privacy Rights Act creates a category of “sensitive personal information” that aims to protect sensitive categories of information (including genetic data, but not health information generally).[6]
So at least some states are thinking about how to protect some health data that may fall outside of HIPAA, but this is the AzSHA blog, so what do other state laws have to do with us? Well, to the extent an app provider processing your health data is not subject to these laws, the answer is nothing – and that’s kind of the issue.
Currently, Arizona law only requires organizations processing personal information in Arizona to provide breach notification in the event of an unauthorized disclosure of that data.[7] However, Arizona does not have a consumer privacy law like CCPA, so does not require organizations to provide Arizona residents with various rights – including to review, amend, and delete personal information processed about them – as required in states like California.
To avoid a hodge-podge of state consumer privacy laws with good intentions and poor practicality, the obvious solution seems to be a federal standard. There’s been talk about a federal law similar to the EU General Data Protection Rule[8]for years, however none have gotten across the legislative finish line. And consumer confusion seems to be a persistent consequence.
Much like HIPAA did with PHI, a comprehensive federal framework may bring standardization to the growing variety in the marketplace, and provide an opportunity to build public understanding of uniform requirements around the use of consumer personal information (including health information not covered under HIPAA).
The proposed American Data Privacy and Protection Act (“ADPPA”), which includes a category of “sensitive covered data” that captures information relating to the “healthcare condition or treatment of an individual” may be the closest shot yet to laying this federal foundation.[9] This process has been a long one, though, so we won’t hold our breath for the ADPPA to cross the president’s desk just yet.
While we await a federal sea change, maybe it’s best to end with what initiated this blog in the first place: a general perception that consumers are not aware of the laws applicable to the processing of their personal information, including, and maybe especially, their health information. In my practice, I find many consumers (and frankly business teams developing health apps), are confused about when HIPAA applies and which laws protect the processing of what health information.
So be aware of the confusion and maybe conduct an informal poll or two yourself. And the next time your friend asks, “have you tried that new health app” take a deep breath and just think about how much easier this may be with a federal standard.
[1] This blog represents current, general opinions of the author, and not those of his law firm or colleagues. The content should not be considered legal advice or opinion.
[2] See 45 C.F.R. § 160.103.
[3] See 45 C.F.R. § 164.304.
[4] National Conference of State Legislatures, 2022 Consumer Privacy Legislation, available at https://www.ncsl.org/research/telecommunications-and-information-technology/2022-consumer-privacy-legislation.aspx#:~:text=Creates%20the%20Consumer%20Privacy%20Act,or%20before%20the%20point%20of
[5] California Consumer Privacy Act, Cal. Civ. Code § 1798.140.
[6] Id.
[7] ARS § 18-552.
[8] Regulation (EU) 2016/679 (General Data Protection Regulation).
[9] American Data Privacy and Protection Act, HR 8152, 117th Congress (2022), available at https://docs.house.gov/meetings/IF/IF00/20220720/115041/BILLS-117-8152-P000034-Amdt-1.pdf
Behavioral Health Law: A Quick Introduction
By: Erica Erman, Dickinson Wright
Behavioral health law is an incredibly important and growing area of the law. There are numerous special rules and nuances involved, which is one of the reasons most of us likely see behavioral health law as an “exception”, i.e. you can release documents except for the substance use records, etc. Many rules deal with children or vulnerable populations, oftentimes in emergency or high-risk situations, and the consequences are as significant as they get, including suicide and trauma to name only two. It is also an incredibly rewarding area of the law to practice because you have the chance to make a significant difference in so many lives where help is truly needed.
What is behavioral health?
Behavioral health covers a variety of conditions: suicide prevention, developmental disabilities, anxiety disorders, autism spectrum disorder, bipolar disorder, depression, ADHD, eating disorders, OCD, substance use and co-occurring mental disorders, PTSD, and more.
Health care law covers a huge amount of ground. Behavioral health care law encompasses health care law and then adds even more regulations and requirements in large part due to the particularly sensitive nature of behavioral health conditions.
What are some examples of Arizona state entities involved in behavioral health care?
To name a few, there is Arizona’s Medicaid agency, AHCCCS, which includes ALTCS, Arizona’s Long Term Care System, and contracts with RBHAs, Arizona’s Regional Behavioral Health Authorities, to provide services across the state. The Arizona Department of Economic Security (ADES) includes the Division of Developmental Disabilities (the DDD) which handles essential services for autism spectrum disorder. The Department of Economic Security also includes the Arizona Early Intervention Program, which is Arizona’s statewide interagency system of services and supports for families of infants and toddlers, for children from birth to 3 years of age with disabilities or delays, including those at risk for developing autism spectrum disorder. The Arizona professional regulatory boards such as the Board of Behavioral Health Examiners, Medical Board, Board of Osteopathic Examiners, and State Board of Nursing, among others, regulate behavioral health care providers.
What are a few examples of hot topics in behavioral health law?
Mental health parity is the idea that mental health and substance use disorder (SUD) benefits and coverage be on par with medical and surgical benefits and coverage. That is what the Federal Parity Act (officially called the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008, and also commonly referred to as MHPAEA) is all about.
The Parity Act prevents group health plans and health insurance issuers from imposing more restrictive limitations on mental health or SUD benefits than on medical or surgical benefits.
Why was this Act necessary? Historically, mental health and substance use disorders have not been treated on par with traditional medical/surgical issues. There was and still is significant stigma around addiction and behavioral health issues. The Parity Act aims to make sure that those individuals who need behavioral health benefits have them at the same levels they would for a medical or surgical issue. A few important caveats: the Parity Act doesn’t apply to small employers (under 50 employees) and it only applies to plans that do offer mental health or SUD benefits. But here is where other legislation comes into play: Plans must have “essential health benefits,” which includes “behavioral health” (treatment for mental illness, substance use disorders, and developmental disabilities) under the Affordable Care Act. The ACA established mental health care as an essential health benefit. The Parity Act was passed over 11 years ago, but it is a hot topic now because enforcement of the Parity Act over the last few years has started ramping up. Much of the successful litigation to enforce the Parity Act is based in ERISA, the Employee Retirement Income Security Act, and the idea that health insurers, health plans, and plan administrators are fiduciaries under ERISA. As fiduciaries, these entities are required to make sure the provisions of the Parity Act are being followed.
You may have heard of the landmark case Wit v. United Behavioral Health from March 2019, which identified 8 generally accepted standards of care for behavioral health and later ordered UBH to reprocess more than 60,000 claims that had been initially denied for not meeting UBH’s medical necessity guidelines.[1] This case recently made headlines again in March 2022 when the Ninth Circuit reversed the district court’s order to reprocess the claims in a surprisingly short memorandum decision that left more questions than answers. This case continues to be significant for its 8 generally accepted standards of care for behavioral health—which were not overturned—and as a signal that parity cases may in the future shift gears from focusing on ERISA to focusing on federal and state discrimination laws for evaluating whether the application (or lack thereof) of behavioral health benefits was on par with the application of medical/surgical benefits.
At the time of writing this blog post, the Federal Public Health Emergency (PHE) for COVID-19 is still in effect. An area garnering much interest from behavioral health providers is how tele-behavioral health will function in a post-PHE reality. Here is a short list of 5 relevant federal laws or guidance for behavioral telehealth reimbursement.
(1) The 2008 Ryan Haight Act – this Act essentially limits prescribing controlled substances over telehealth if a provider has never examined the patient in-person before. There are several important exceptions, including that the Ryan Haight Act does not apply during a public health emergency. This Act will reemerge at the conclusion of the PHE unless there is new legislation to change it.
(2) The SUPPORT Act – enacted in October 2018, this Act carved out an exception for reimbursement such that a patient being treated for SUD and co-occurring mental conditions does not need to live in a rural area or have an appointment at a health care facility for the provider to be reimbursed.
(3) Consolidated Appropriations Act of 2021 (enacted in 2020) – this legislation created a permanent exception for reimbursement of mental health services, making it possible for providers to be reimbursed regardless of where their patient is located. However, the legislature put in an additional requirement that for those mental health services to be reimbursed, the patient must have an in-person visit within 6 months before the provision of telehealth. There are some narrow exceptions.
(4) 2022 Medicare Physician Fee Schedule – CMS added onto the 6 month rule from the CAA of 2021 (above) a new requirement that after the telehealth visit, to be eligible for reimbursement, the patient needs to visit the provider in-person again within 12 months. Again, there are several exceptions. Additionally, CMS expanded the modality of services that can be provided: reimbursement is now possible for mental health services delivered via audio-only telecommunications technology.
(5) Consolidated Appropriations Act of 2022 – this Act, which became law recently on March 15, 2022, does not add any permanent changes to the SUD and mental health provisions discussed above, but it does add a roughly 5 month extension to the temporary telehealth provisions currently in place after the PHE ends.
Arizona enacted PSYPACT – the Psychology Interjurisdictional Compact that facilitates the practice of telepsychology and temporary in person, face-to-face practice of psychology across state boundaries – several years ago. Arizona providers have greater access to telepractice now that 30 states have enacted PSYPACT with more on the way.
One Compact you may not have heard of yet that could be very helpful for the behavioral health field in the future is the Interstate Compact for Counselor Licensure. This Compact is not yet operational, as it needs at least 10 states to enact it first, but it is close with 9 already signed on. This Compact is for Licensed Professional Counselors (LPCs) only. It specifically does not include licensed marriage and family therapists or licensed clinical social workers. Arizona currently does not have legislation pending for this Compact, but we may see legislation in the future.
Conclusion
There are many facets to behavioral health law and the above barely scratches the surface. Thanks for reading and don’t forget that after July 16, 2022, anyone can dial 9-8-8 and be connected to the National Crisis Hotline/Suicide Prevention Hotline. You can reach me at 602-889-5342 or EErman@dickinson-wright.com.
[1] You can read more about this decision here: https://www.dickinson-wright.com/news-alerts/highlights-from-wit-united-behavioral-health-case
Senior Associate General Counsel – Banner Health
Find your path in health care. At Banner Health, caring for people is at the core of all we do. We are committed to diversity, equity and inclusion. In this…
Seeking Local Counsel for Lawsuits
Local counsel needed for multiple provider-side managed care lawsuits involving care rendered by ambulatory surgery centers. Lawsuits will be adverse to several major insurers/TPAs in Arizona. Please contact Eric…