Health Information Technology Initiatives: Protecting your IP and Avoiding Legal Risks

Transcription

1 Health Information Technology Initiatives: Protecting your IP and Avoiding Legal Risks Presented By: Benjamin T. Butler Robyn W. Diaz Dennis R. Gallagher

2 HIT Legal Overview Ben Butler Today s Presentation Patent Protection For Your HIT Solutions Dennis Gallagher Beyond HIPAA : Security Breach Notifications Robyn Diaz

3 Where We Are Now HIT is a top agenda item at HHS Formation of American Health Information Community EHR-related government contract awards New regulatory developments Anti-kickback, Stark protections (proposed) HIPAA claims attachment standard (proposed) Medicare Part D e-prescribing standard (final) Congressional legislation

4 Top Agenda Item at HHS January 04 State of the Union address April 04 appointment of David Brailer, NCHIT June 05 report on RFI responses; RFPs issued August 05 ONCHIT officially established at HHS September 05 KatrinaHealth.org efforts October 05 report issued on anti-fraud impact of HIT

5 American Health Information Community Federal Commission first meeting 10/7/05 17 public/private commissioners Charter: help achieve a common interoperability framework for health IT Seeking breakthroughs for HIT adoption Early priorities: personal health records, chronic-disease monitoring, biosurveillance Also: Comm n on Systemic Interoperability Final report to Congress, HHS due October 05

6 Federal HIT Contract Awards Health IT standards unification/harmonization Compliance certification process State preemption obstacles to interoperability Measuring status of HIT adoption Development of network prototypes (TBD)

7 New Anti-Kickback, Stark Protections OIG/CMS issued proposed rules on 10/11/05 Protect e-prescribing, EHR-related donations MA plan, PDP donations of certain IT to pharmacies, physicians would qualify Other health plans not protected Primarily covers software, training Handhelds for e-prescribing could be OK EHR donations: turns on adoption of standards Incentive to adopt proprietary IT in short term? Public comments due 12/12/05

8 New HIPAA, E-Prescribing Standards HIPAA claims attachment standard Proposed HIPAA claims attachment standard issued 9/23/05 Limited to certain categories (e.g., ER, rehab) Allows flexibility in data input format (scan vs. entry) Plans get one shot to request attachments Providers get one shot to reply No unsolicited attachment unless pre-authorized Public comments due 11/22/05 E-prescribing standards: announced 10/6/05

9 Congressional Legislation Wired for Health Care Quality Act (S. 1418) Bipartisan effort of Senate HELP Committee Incorporates many of the current HHS initiatives Authorizes funding of HIT grants ($652M for 06-10) Status: Reported out of Committee Medicare Value Purchasing Act (S. 1356) Championed by Sen. Grassley Primarily targeted at value based purchasing Status: Currently under Committee review HIT legislation generally sidetracked by Katrina

10 Business Method Patents: A Growing Trend In The Healthcare Industry Presented By: Dennis R. Gallagher, Esq. dgallagher@crowell.com

11 Overview What Is A Business Method Patent? Business Method Patents In The Healthcare Industry Obtaining A Business Method Patent

12 What Is A Business Method Patent? A patent provides Right to exclude others from making, using, selling, offering for sale or importing an invention for 20 years. Patent does not provide right to practice invention. Requirements for patent protection Patentable subject matter Anything under the sun made by man Machine, manufacture, composition of matter, process Not patentable: laws of nature, natural phenomena and abstract ideas. Useful: provides concrete, tangible result

13 What Is A Business Method Patent? Requirements for patent protection (cont.) Novel: different than the prior art Non-obvious: not obvious to a person having ordinary skill in the subject matter of the patent. Business methods are patentable in the U.S. State Street Bank v. Signature Financial, 149 F.3d 1368 (Fed. Cir. 1998) Business methods subject to the same rules as any other process or method Not patentable prior to State Street Typically combine a business method and software.

14 Business Method Patents: Healthcare United States Patent & Trademark Office (PTO) classifies each patent application Traditional Classifications Relating to Healthcare Class 128: Surgery Class 424: Drugs Class 435: Chemistry: Molecular Biology and Microbiology Business Method Classifications Class 705: Data Processing: Financial, Business Practice, Management, or Cost/Price Determination PTO has established subclasses for business method patents relating to healthcare

15 Business Method Patents: Healthcare Health care management (Class 705/2) Over 1,500 patents and published patent applications Includes record management, ICDA billing Examples Automated wellness system Examination management system Double blind evaluation method for malpractice claims Integrated healthcare information system Method for evaluation of health care quality Prescription creation system RFID tracking of anesthesiologist and patient time System for administering health care cost reductions

16 Business Method Patents: Healthcare Insurance (Class 705/4) Over 750 patents and published patent applications Includes patents relating to health insurance Examples Automated classification of health insurance claims to predict claim outcome Cost projections for diagnoses Method and system for settling a patient s medical claim Preneed insurance services system System for conducting a physician-patient consultation Vision care and protection policy Web-based claims processing

17 Business Method Patents: Healthcare Patient record management (Class 705/3) Over 700 patents and published patent applications Includes HIPAA compliance, electronic medical records, and electronic health records Examples Medical image recording system Pharmaceutical inventory and dispensation computer system System and method for accounting and billing patients in a hospital environment System and method for ensuring privacy and security of medical information System and method for interlinking medical-related data

18 Business Method Patents: Healthcare Other business method subclasses may apply Staff scheduling (Class 705/9) Examples System and method for optimizing employee scheduling in a patient care environment System for aiding to make medical care schedule Business processing using cryptography (Class 705/50) Subclasses directed to data protection and privacy Examples Patient information management method and system Secure extranet operation with open access for qualified medical professional

19 Obtaining A Business Method Patent Identifying patentable subject matter Questions to consider What do you do that is different? E.g., IT systems, internal processes, products or services. What gives you a competitive advantage? E.g., better customer service; efficiency. What new products, services or procedures are you planning? Educate relevant personnel (e.g., project managers) to identify potentially patentable business methods Consult patent professional IP Audit to identify intangible assets

20 Obtaining A Business Method Patent Should you file a patent application? Compare invention to prior art Patentability search to locate potential prior art Disclosure more than one year before filing patent application? Patent professional should evaluate non-obviousness Who owns the patent rights? Patents are filed in name of inventors Companies receive rights through assignment Employees/subcontractors obligated to assign? Developed pursuant to government contract? Relate to an industry or government standard? E.g., interoperability of electronic health records

21 Obtaining A Business Method Patent Should you file a patent application? (cont.) Cost-benefit analysis Costs Attorney fees to file and prosecute patent application 3-5 years before resolution & possibility of rejection by PTO Loss of related trade secret rights Potential Benefits Protect competitive advantages and brand differentiators Preclude competitor from practicing technology Protect R&D investment Licensing royalties Litigation defense

22 Business Method Example Amazon.com one-click patent September 1997 Problem: online customers reenter personal information for each sale and, as a result, online shopping carts are often abandoned by customers before completing sale. Solution: one-click web interface and stored customer information provides satisfying user experience and more closed sales One-click patent application filed May 1998: Barnesandnoble.com offers a one-click web interface Sept.-Oct. 1999: One-click patent issues and Barnesandnoble.com sued for patent infringement Dec. 1, 1999: Preliminary injunction issues against Barnesandnoble.com March 2002: Confidential settlement

23 Health Information Technology Initiatives: Security Breach Notification Requirements Presented By: Robyn Whipple Diaz

24 Privacy and Security Breaches Still A Reality Compliance deadlines for the HIPAA Privacy and Security Rules have come and gone, but 59% of providers and 45% of payers reported that their organizations have experienced a privacy breach during a six month period in % of providers and 27% of payers reported that their organizations experienced a data security breach during the same time period Source: US Healthcare Industry HIPAA Compliance Survey, Healthcare Information and Management Systems Society, Summer 2005

25 Beyond HIPAA: State Legislatures Enter the Fray Many states have passed or are considering security breach notification laws State laws generally require prompt notification to residents of any compromises pertaining to the security, confidentiality or integrity of their personal information Some states require businesses to take measures to prevent the occurrence of breaches Some state laws provide a private right of action

26 Security Breach Scandals: Real-World Risks CardSystems: The credit data of millions of individuals was allegedly accessed by an intruder because of security vulnerabilities Class action lawsuit Investigations by the Federal Financial Institutions Examination Council and the FBI Attorneys General from 48 states demand information on consumer notification processes ChoicePoint: The personal data of approximately 145,000 consumers may have been obtained by unauthorized third parties Class action lawsuit Federal Trade Commission investigation California Senate Banking Committee investigation

27 Security Breach Scandals: Healthcare Industry Not Immune Testimony before the US Senate Committee on Banking, Housing and Urban Affairs suggested that several hospitals have experienced significant data security breaches in 2005 At least one health plan has been fined for inadvertently exposing patients confidential health information At least one physician group has experienced a significant data security breach, caused by the theft of computers containing patient information

28 Pending Federal Legislation S.1332 Would require consumer notification upon the occurrence of any breach that impacts sensitive, personally identifiable information S.1408 Would require consumer notification when personal information is compromised and a reasonable risk of identity theft exists Barton-Dingell draft bill Very broad proposal that would create a national rule for data protection, preempting state laws that expressly regulate security breaches

29 Preventing and Responding to Security Breaches Do your policies include procedures for handling the security of personal information generally (i.e., beyond the HIPAA requirements)? Do your existing information security policies comport with applicable state law? Do your policies include notification provisions that meet the latest requirements of state law?

30 Security Breach Response: Is Your Organization Ready? Draft a response protocol Decision tree Plan for notifying individuals whose personal information has been compromised Set up a security breach SWAT team Prepare template legal documents Forms for prompt notifications to individuals Forms for TROs, other legal filings Chances are, the question is not if but when!

31 Questions? Ben Butler (202) Dennis Gallagher (949) Robyn Whipple Diaz (202)