Health Law Pointers - Volume II, No. 4

The Current Fate of Lawsuits Against HMOs

Both federal and state courts have been reviewing a wide variety of claims against health maintenance organizations ("HMOs"). Some are successful claims; others are not. State legislatures are also considering measures to allow lawsuits against HMOs for failing to make medical treatment decisions based solely on the exclusive interests of their members. As illustrated below, the courts, as well as state governments, are beginning to narrow the legal theories under which claims against HMOs may be made.

On June 12, 2000, the United States Supreme Court unanimously rejected an ERISA breach of fiduciary duty claim against an HMO in PEGRAM v. HERDRICH . The issue before the high court was whether the HMO had breached its fiduciary duty to its members because a physician-owner of the HMO based a member’s course of treatment on her own financial interest rather than the exclusive interest of the member. The Court held that the HMO was not acting as fiduciary as defined under ERISA, but rather that the physician-owner’s mixed eligibility and treatment decision was guided by the primary purpose of any HMO – rationing care and limiting expenses.

In May of this year, an Illinois Supreme Court upheld a member’s malpractice claim against an HMO. The member sued the HMO for its negligence in "over-assigning" patients to a participating physician (the physician was assigned 4,500 patients by the HMO). The physician failed to respond to the member’s request for treatment because he became overwhelmed with his patient load.

The court stated that because HMOs have an expansive role in providing comprehensive health services to their members, they, like hospitals, must conform to the legal standard of reasonable conduct in fulfilling that role. Since the HMO was actively soliciting members at the same time it lacked participating physicians to treat these members, the court easily inferred that the physician’s failure to see the patient resulted from the HMOs over-assignment of patients. To view this decision, click on

And recently, Oklahoma joined Texas, Georgia, California, Arizona and Washington in allowing lawsuits against HMOs. The Oklahoma bill, like the other state laws, permits members to sue their HMOs for failure to exercise ordinary care in making treatment decisions. Each state enacting such legislation requires the member to exhaust his or her appeals and review processes before bringing a cause of action against the HMO. Opponents to these laws fear that employers will discontinue health insurance plans because of the increased costs resulting from such litigation. It is too soon to determine whether these fears will become reality.

New York HMO May Be Liable
For Employee’s Breach of Patient Confidentiality
Outside of the Workplace

A New York appellate court has permitted a member ("Doe") of a health maintenance organization ("HMO") to proceed against the HMO for its employee’s breach of patient confidentiality while at a private party. The employee, an HMO records clerk, came across Doe’s confidential medical information while working. The employee recognized Doe as her sister’s co-worker. Later, while attending a party, the employee revealed to Doe’s co-workers that she had sought treatment from a psychiatric social worker for the breakup of a same-sex relationship.

The trial court dismissed Doe’s claims against the HMO, finding that the alleged disclosure occurred outside the scope of employment. The appellate division, however, stated that the HMO can only act through its agents and employees, and if it could not be held accountable the obligation to keep patient records confidential would be pointless.

Attorneys for the HMO believe that the court is creating "new law" by permitting this claim to proceed. They fear that employers will now be strictly liable for confidences revealed by employees outside the workplace. On the other hand, attorneys for Doe believe that the HMO and its employees owe a duty to its members to maintain patient confidentiality twenty-four hours a day, seven days a week. It is likely that the HMO will appeal to the New York Court of Appeals for a final determination on this issue.

IPAs Struggling With Texas HealthCare Companies

Humana Health Plans of Texas filed a lawsuit seeking injunctive relief when 19 Texas Independent Practice Associations ("IPAs") threatened to terminate their agreements with the healthcare company because Humana owed them approximately $10 million. The Texas District Court issued a temporary injunction against the IPAs causing 14 of the 19 IPAs to agree to binding arbitration to settle their differences with Humana. It is expected that the other 5 groups will also agree to the arbitration if a settlement is not reached before the temporary injunction expires.

In the meantime, Aetna has reached an agreement with the Texas Attorney General in an effort to pacify its Texas providers after the former Attorney General filed a lawsuit against Aetna and five other HMOs in 1998. The lawsuit accuses Aetna and the other HMOs of illegally compensating doctors for limiting patients’ medical care and penalizing those who did not. In an April 24, 2000 letter to the Attorney General, the National IPA Coalition expressed its concerns regarding the numerous loopholes, ambiguous language and a lack of future oversight in the Aetna agreement. Further, the settlement agreement lacks any imposed fines, penalties or admissions of guilt on Aetna’s part, which the National IPA Coalition says, illustrates a lack of balance in the industry.

The OIG Issues A Draft Compliance Program
For Individual and Small Group Physician Practices

On June 12, 2000, the Department of Health and Human Services, Office of the Inspector General ("OIG") issued a draft Compliance Program for individual and small group physician practices in an effort to invoke the private health community’s assistance in combating fraud and abuse. The OIG has determined that there are seven key elements necessary for an effective compliance program. These seven elements, which are contained in the draft Compliance Program, consist of:

  1. Implementing written policies;

  2. Designating a compliance officer/contact;

  3. Conducting comprehensive training and education;

  4. Developing accessible lines of communication;

  5. Conducting internal monitoring and auditing;

  6. Enforcing standards through well-publicized disciplinary guidelines; and

  7. Responding promptly to detected offenses and undertaking corrective action.

The OIG has requested comments on the draft Compliance Program. Comments are due by 5:00 p.m. on July 27, 2000. See or Monday, June 12, 2000 Federal Register, Vol. 65, No. 113.

Getting a Headstart on Complying With the Soon to be Released
Final HIPAA Privacy Requirements

The Secretary of Health is expected to release final privacy regulations under the Health Insurance Portability and Accountability Act ("HIPAA") by year’s end. Those entities required to comply with HIPAA’s electronic privacy and confidentiality standards must develop and implement various forms of protection to guard against the wrongful disclosure of patients’ protected health information. Thus, health care plans, providers, and clearinghouses (defined in the proposed regulations as "Covered Entities") will have two years from the date the regulations become final to comply with these standards.

Since the proposed regulations were released in November 1999, there has been a great deal of debate about the complexity of the regulations and the Covered Entities’ abilities to comply with these standards in an efficient, cost-effective manner within the timeframe posed. Not only will the Covered Entities be required to implement internal confidentiality policies, electronic privacy compliance programs and install software protections to safeguard electronic communications, but a Covered Entity must also require its third party vendors and consultants ("referred to in the regulations as "Business Partners") to execute "business partner agreements" to ensure that the Business Partners will comply with Covered Entities privacy policies.

To ensure that your entity will be able to meet the regulatory deadline, it is recommended that you begin planning how your entity intends to comply with these requirements. We suggest that you also begin formulating the business partner agreements to be executed by the Business Partners with whom you currently exchange patient information. Under the proposed regulations, the business partner agreement must contain certain elements such as a third-party beneficiary clause, which will permit a patient to assert a private right of action against you, the Covered Entity, and your Business Partner should the patient’s protected health information be wrongfully disclosed.

To obtain more information about "business partner agreements" and the proposed HIPAA regulations, please contact one of our Health Law Attorneys at (716) 849-8900.

Newsletter Sign Up