Tag: healthcare

Effects of Insurance Marketplace Uncertainty

Even as Senators continue to consider “Graham-Cassidy,” the latest Affordable Care Act (ACA) repeal legislation, insurance markets are already reacting to uncertainty and instability brought about by persistent GOP efforts to upend the post-ACA insurance landscape. Between the Trump Administration’s ongoing refusal to commit to long-term funding of the ACA’s cost-sharing reductions (CSRs) and legislative overtures to repeal key portions of the ACA, premiums have increased, insurers have exited state exchanges, and access to health care coverage has been compromised.

As the Congressional Budget Office (CBO) recently estimated, insurers are expected to “raise premiums for marketplace plans in 2018 by an average of roughly 15 percent, largely because of uncertainty about whether the federal government will continue to fund CSR payments and because of an increase in the percentage of the population living in areas with only one insurer.” Speaking to the latter factor, CBO notes that a number of insurers have withdrawn from healthcare exchanges established under the ACA, spurred, at least in part, by “uncertainty about the enforcement of the individual mandate, and uncertainty about the federal government’s future payments for [CSRs].” Although ACA proponents’ (and critics’) most dire predictions were narrowly avoided – that some counties would have no insurers offering marketplace plans – there is little doubt that insurer participation has been adversely impacted by market uncertainty, with pocketbook repercussions for policy-holders.

The turbulent political climate is also likely to reduce the number of insured individuals in 2018. CBO and the Joint Committee on Taxation anticipate lower insurance enrollment as a result of reductions in federal-sponsored advertising and outreach. Department of Health and Human Services officials recently indicated that the advertising budget for the open enrollment period commencing in November would be reduced to $10 million, amounting to a 90% reduction when compared to spending in the last year of the Obama Administration. Grants to “navigators” – nonprofit groups that assist people with marketplace insurance plan enrollment – will be reduced from approximately $63 million to $36 million.

Whether or not the worst is yet to come will hinge on the fate of Graham-Cassidy and the presently-stalled efforts to reach consensus on a bipartisan ACA stabilization bill. In what is turning out to be a recurring theme in 2017, we may have to wait several weeks for the dust to settle and reasoned prognostication to be possible.

This post was written by Matthew J. Goldman & Jordan E. Grushkin of Sheppard Mullin Richter & Hampton LLP., Copyright © 2017
For more legal analysis go to The National Law Review 

Can Congress Get to “Yes” on Replacing the Affordable Care Act?

Senate Majority Leader Mitch McConnell recently gave a candid assessment of the chances of getting an Affordable Care Act (ACA) replacement bill through the Senate, saying “I don’t know how we get to 50 (votes) at the moment.” That succinctly captures the political dilemma. There has long been broad bipartisan agreement that the nation’s health care system was in need of repair. Something had to be done to contain rapidly rising health care costs, increase the quality of medical outcomes, and to expand coverage. But there was little or no bipartisan agreement on how to do it. Indeed, no major health care initiative since Medicare was enacted in 1965 has enjoyed true bipartisan support.

The most recent effort to overhaul the health care system was no exception. The ACA passed in March 2010 with no Republican votes. That wholly partisan effort, in turn, set off a determined, seven-year-long effort by Republicans to repeal the law. The most recent step on this tortuous journey occurred on May 4, 2017 when the House passed the American Health Care Act (AHCA) by a vote of 217-213. In this case, no Democrats voted for the bill. Twenty Republicans also voted no and the bill passed with just one GOP vote more than the 216 needed to pass.

As we explain below, the ACA and AHCA are “apples and oranges” in their approaches to reforming the healthcare system. Because each proceeds from different philosophical premises, this post briefly examines their key components and primary goals without opining on the merits. Our primary focus is on the political and policy challenges faced by Senate Republicans in getting a bill passed (which remains highly uncertain) and whether such a bill will differ greatly from the House product. In our view, to achieve the GOP’s publicly stated policy objectives, and faced with the constraints imposed by the budget reconciliation rules (explained below), Senate Republicans will be forced to address essentially the same questions as their colleagues in the House—and their solutions likely will differ from those of the House mostly in degree.

What the AHCA Does

In the AHCA, House Republicans singled out a few ACA provisions they had publicly campaigned against—most of which are contained in Title I of the law. These include the mandate that individuals purchase coverage; the narrow, 3:1 modified community-rating corridor that Republicans asserted made coverage prohibitively expensive for younger individuals; and the requirement that plans sold in the individual and small-group market include a comprehensive set of covered medical and related services known as “essential health benefits” (EHBs) The AHCA also would make major changes to Medicaid that go well beyond rolling back the program expansion authorized by the ACA.

The AHCA’s primary purpose is to reduce premium costs and reduce the federal government’s role in health care by giving more authority and flexibility to the states. The ACA’s primary goal, in contrast, was to expand insurance coverage in the individual markets—and it did that, although not as much as had been predicted. Another ACA goal was to make coverage more affordable, at least for low- and moderate-income individuals—and it did that too. But the ACA did little to lower medical costs, and from the available evidence had only a marginal effect on healthcare outcomes. Neither does the AHCA address those issues. It instead focuses mainly on reducing federal expenditures, shifting costs to the states, and constraining the growth of Medicaid. The recently issued report by the Congressional Budget Office and the staff of the Joint Committee on Taxation indicates that the AHCA would achieve significant success in this regard, estimating that the bill would reduce the cumulative federal deficit over the 2017-2026 period by $119 billion.

The GOP Challenge

With their slim 52-48 majority, Republican lawmakers don’t have the votes to repeal the ACA outright. That would require 60 votes to overcome a filibuster. Instead, they must rely on a special budget strategy called “reconciliation.” Created by the Congressional Budget Act of 1974, reconciliation allows certain bills that directly impact federal spending to be passed by a simple majority. For example, reconciliation rules would allow repeal of the ACA’s individual and employer mandates by a simple 51-vote majority because those mandates directly affect revenue; but reconciliation could not be used to repeal the employer reporting rules because those provisions do not directly affect spending. These restrictions severely limit which provisions of the ACA Republicans in the Senate (and by extension the House) can replace without Democratic support. We discuss those provisions below.

The individual mandate

The ACA included an “individual mandate” that requires most U.S. citizens to buy health insurance. The purpose was to ensure broad participation in the individual markets so that there would be enough healthy individuals in the risk pool to subsidize the cost of covering those who are less healthy. Most agree that the ACA penalty for not maintaining coverage was insufficient to induce enough healthy people into the pool. The result has been steep underwriting losses which have prompted major carriers to exit the public exchanges. The AHCA would eliminate the penalty retroactively, to the beginning of 2016. In its place, the bill would impose a “continuous coverage” requirement to induce people to buy coverage and stay covered rather than buying it only when they need it, which drives up costs in the exchanges. Health carriers could assess a 30 percent penalty on individuals who have a gap in coverage of more than 63 days in the prior 12 months. The Health Insurance Portability and Accountability Act (HIPAA) has provided a similar rule for employer-provided group coverage since 1996.

Community rating

Under community rating, premiums can vary by age, among other things. In the case of age rating, actuarial principles dictate that the premiums paid by the oldest subscribers should be about five times what younger subscribers pay. To mitigate the impact on older citizens, the ACA limited the rating range to 3:1. The AHCA allows a ratio of up to 5:1 which actuaries say more closely aligns premiums with the costs associated with age. AHCA proponents assert that the maximum 3:1 ratio dictated by the ACA unfairly penalizes younger, healthier individuals, discouraging them from participating in the individual markets and contributing to the underwriting losses in the ACA exchanges. They also assert that individuals 65 and older are eligible for Medicare and that the workers affected by the 5:1 ratio would be primarily those 54 to 65 years old—generally the highest earning years.

Premium tax credits

The AHCA scraps the ACA’s cost-sharing subsidies, and replaces its premium tax credits. Beginning in 2020, the AHCA would offer credits for U.S. citizens and qualified aliens enrolled in qualified health plans who are not eligible for other sources of coverage. The credit amounts are based on age and adjusted by a formula that takes income into account. Credits would be capped according to a maximum dollar amount and family size. In general, the AHCA subsidies are less generous than those provided by the ACA. According to the CBO report, repeal of the ACA’s tax credits saves some $665 billion while the cost of the AHCA’s tax credits is $375 billion—a net savings of $290 billion.

Medicaid

Medicaid is a health insurance program with shared federal/state authority and financing. Historically, coverage generally was limited to low-income families with children, the elderly, and people with disabilities. The ACA offers states generous federal funding designed to encourage expansion of their programs to cover all Americans under age 65 whose family income is effectively at or below 138 percent percent of federal poverty guidelines ($16,394 for an individual in 2016). Currently, 31 states plus the District of Columbia have expanded their programs.

The AHCA would change the current system of federal funding of Medicaid by placing per capita caps on federal payments to states. Under that approach, each state’s Medicaid spending, beginning in 2020, would be limited based on enrollee categories (i.e., children, disabled, etc.). States that exceed the limits would get less money the following year. Alternatively, states could opt to receive federal block grants (i.e., predetermined fixed amounts) to cover their Medicaid-eligible populations.

The Medicaid changes account for the single largest item of budgetary savings under the AHCA—some $843 billion over 10 years according to the CBO. The savings are important to achieving other GOP objectives such as tax reform, but many of the 16 GOP governors who expanded Medicaid have expressed concerns about the scope and timing of the changes and the impact on their citizens.

States’ ability to opt out

In an effort to persuade House conservatives to support the AHCA, Rep. Tom MacArthur (R-NJ) offered an amendment that would allow states to seek waivers of certain AHCA provisions. The idea was to devolve to those states flexibility to modify their coverage rules to best meet the needs of their constituencies. Under the amendment, states that are granted waivers may:

  • Adopt age-rated premium ratios higher than 5:1 for older individuals buying coverage in the individual and small group markets;

  • Define their own, less generous, “essential health benefits” (EHBs) for plans purchased in the individual and small-group markets instead of the 10 EHBs mandated by the ACA (and which the AHCA otherwise would leave in place); and/or

  • Bypass the 30 percent penalty for individuals who do not maintain continuous health coverage, and instead apply medical underwriting to the pricing of plans in such cases; but states seeking such waivers must have a high-risk pool or participate in the Federal “Invisible Risk Sharing Program” (explained below).

High-risk pools

High-risk pools are state programs that provide funding to cover the health care costs of individuals with catastrophic or pre-existing medical conditions and who are unable to purchase affordable coverage in the individual market. The AHCA embraces state high-risk pools as a way to contain the cost of medical premiums for healthy individuals. It does this by creating two risk pools: one for healthy individuals or those with continuous coverage, and the other for those with high-cost or pre-existing conditions. The idea is to lower premiums for healthy people while at the same time providing coverage for those with serious health conditions using a separate funding mechanism.

To fund coverage for high-risk individuals, the AHCA provides a total of $138 billion over 10 years through various mechanisms as follows:

  • A State Stability Fund in the amounts of $15 billion in 2018 and 2019, and $10 billion each year thereafter through 2026;

  • An additional $15 billion in 2020 that states could use for maternity coverage and newborn and prevention, treatment, or recovery support services for mental or substance use disorders;

  • An additional $8 billion for the period 2018-2023 to states with a “MacArthur waiver” (previously discussed); and

  • A Federal Invisible Risk Sharing Program to help with high-cost medical claims of certain individuals who buy coverage in the individual market.

The MacArthur waivers are not without controversy. The two biggest issues are the potentially large cost increases to older citizens and whether individuals with pre-existing health conditions will be adequately protected. Another question is how many states actually will seek waivers and assume the financial (and political) responsibility for protecting older and sicker workers if the federal dollars under the AHCA prove insufficient. The CBO makes an educated guess as to how many people might be affected by states getting waivers, but they are guesses nonetheless.

Ways to get to Yes

The CBO report estimates that from 2017 to 2026, the AHCA would reduce direct spending by $1.111 trillion and revenues by $0.992 trillion (resulting in a net deficit reduction of $119 billion—and that 23 million fewer people would have health coverage (CBO does not count as health coverage limited benefit plans, including so-called “mini-med” plans and fixed-dollar indemnity plans). These numbers are a direct consequence of the AHCA’s stated goals—to reduce the role of the federal government in regulating and financing health care, specifically in the individual market, Medicaid, and the uninsured.

Senate Republicans broadly share those goals, but they differ on how to achieve them, as did many of their House colleagues. To further mitigate the impact on individuals, the Senate could adjust the AHCA’s spending and revenue levels, as well as the timing of certain provisions—for example, they could push back the phase-out of the ACA’s Medicaid expansion provisions from 2020 to a later date. Similarly, the AHCA’s per-capita caps and block grant provisions could be adjusted to provide more money to the states. The trade-off would be higher spending levels than the House bill, but this could be offset by modifying the AHCA’s tax repeal provisions. For example, the ACA’s so-called “Cadillac” tax on high-cost employer plans, which the House bill delayed until 2026, could be allowed to go into effect earlier, thus generating more revenue. To the same effect, the Senate could push back repeal of the ACA’s Medicare payroll tax on high income individuals. Another step might be to provide additional subsidies for those aged 50 to 64 to mitigate any adverse effect of the increase in the premium age-rating ratio proposed by the House.

We are under no illusions that the policy differences among Senate Republicans can be reconciled—and if they can, that the House and Senate can reach agreement when they go to conference. All we know now is that the GOP is stuck with its seven-year public commitment to creating a better system with still no clear path forward. Democrats may be enjoying the Republicans’ predicament, but neither party is likely to be viewed favorably if the current system continues to falter and ultimately fails. If that happens, the price of our polarized political environment could be steep for both sides.

The sheer magnitude of the dollars at stake should compel policymakers to find a breakthrough. The Centers for Medicare and Medicaid Services reports that national spending on health care grew 5.8 percent to $3.2 trillion in 2015, accounting for 17.8 percent of GDP. Medicare spending alone was $646.2 billion, 20 percent of the total. Medicaid another $545.1 billion, or 17 percent. Thus, the most urgent practical question may not be whose theory of government is more correct, but whether the current rate of health care spending is sustainable. We can’t think of a better answer than economist Herbert Stein’s wry observation that, “if something cannot go on forever, it will stop.”

This post was written by Alden J. Bianchi andEdward A. Lenz of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

IRS Delays Notice Requirements for Qualified Small Employer Health Reimbursement Accounts

Small Employer Health Reimbursement AccountsThe 21st Century Cures Act (“Cures Act”), signed into law by President Obama on December 13, 2016, included a provision that exempts qualified small employer health reimbursement arrangements (“QSEHRAs”) from the Affordable Care Act’s (“ACA’s”) group health plan rules. On February 27, 2017, the IRS extended the time for plan sponsors to provide the required QSEHRA notice to employees. This Update describes the general rules for QSEHRAs under the Cures Act, as well as the extension recently granted by the IRS.

Background – Health Reimbursement Accounts Under the ACA

A health reimbursement arrangement (“HRA”) typically consists of an arrangement under which an employer reimburses medical expenses (whether in the form of direct payments or reimbursements for premiums or other medical costs) up to a certain amount. Under the ACA, employers are generally prohibited from establishing an HRA unless it is “integrated” with (that is, considered part of) the employer’s ACA-compliant group health plan. This is because an HRA, standing alone, is a group health plan that will not satisfy several ACA requirements, such as the prohibition on annual or lifetime benefit limits. The IRS has also stated that a non-integrated HRA violates the ACA regardless of whether reimbursements or direct payments are treated as pre-tax or after-tax. An employer that offers a non-compliant HRA is subject to an excise tax under Section 4980D of the Internal Revenue Code (“Code”) of $100 for each day that it offered the non-compliant HRA.

For more information about HRAs under the ACA, including types of HRA arrangements that do not violate the ACA, see our June 11, 2015 Compensation & Benefits Legal Update.

HRAs for Qualified Small Employers Under the Cures Act

Under the Cures Act, a QSEHRA established by an eligible employer is not considered a group health plan for purposes of the ACA. As a result, the QSEHRA does not need to comply with the ACA’s market reforms, and an eligible employer that establishes a QSEHRA is not subject to the Code Section 4980D excise tax. To be an eligible employer, a company must have fewer than the equivalent of 50 full-time employees and must not offer a group health plan to any of its employees.

A QSEHRA may pay and/or reimburse for medical care expenses, as defined in Code Section 213(d), including premium payments for individual health insurance policies covering the employee or enrolled family members, regardless of whether the policies are purchased through a broker or through a health insurance exchange. In addition, a QSEHRA must meet the following requirements:

  1. It must be provided on the same terms to all eligible employees of the eligible employer;

  2. It must be funded solely by the employer (i.e., no salary reduction contributions);

  3. It must require employees to provide proof of coverage before the payment or reimbursement of benefits; and

  4. It must limit the amount of payments and reimbursements for any year to no more than $4,950 for single coverage or $10,000 for family coverage (prorated for partial-year coverage).

If an eligible employee enrolls in a health plan that qualifies as minimum essential coverage for the year, the QSEHRA benefit will not count as taxable income. Otherwise, the amount will count as taxable income. The employer must report the total amount of the QSEHRA benefit on each employee’s Form W-2, regardless of whether the amount is taxable.

QSEHRA Notice Requirement

An employer that offers a QSEHRA must issue a specific written notice to all eligible employees. The notice must describe the benefits including the maximum annual benefit, state that the employee should disclose the amount of the QSEHRA benefit when purchasing coverage through a health insurance exchange and that the QSEHRA benefit will offset the amount of any premium tax credit, and state that if the employee is not enrolled in minimum essential coverage he or she may be subject to the individual mandate penalty under the ACA and that any reimbursements from the QSEHRA may be taxable income.

The QSEHRA notice must be provided no later than 90 days before the beginning of the QSEHRA plan year (or, if the employee becomes eligible during the QSEHRA plan year, by the date the employee becomes eligible to participate). However, an eligible employer that provides a QSEHRA for a year beginning in 2017 will not be treated as failing to timely furnish the initial written notice if the notice is furnished to its eligible employees no later than 90 days after the enactment of the Cures Act, which was March 13, 2017. An employer that fails to provide the required notice will be subject to penalties of $50 per employee for each failure, capped at $2,500 for all such failures during a calendar year.

Extension of QSEHRA Notice Requirement

On February 27, 2017, the IRS issued Notice 2017-20, in which it recognized that some eligible employers may find it difficult to comply with the QSEHRA notice requirement absent additional guidance concerning the contents of the notice. Therefore, the IRS provided that an eligible employer that provides a QSEHRA to its eligible employees for a year beginning in 2017 is not required to furnish the initial written notice to those employees until after further guidance has been issued by the IRS. That further guidance will specify a deadline for providing the initial written notice that is no earlier than 90 days following the issuance of that guidance. Employers may provide QSEHRA notice to their eligible employees before such further guidance, and may rely upon a reasonable good faith interpretation of the Cures Act to determine the contents of the notice.

ARTICLE BY Kenneth A. Hoogstra of von Briesen & Roper, S.C.

©2017 von Briesen & Roper, s.c

Health-Related Programs Face Deep Cuts In President Trump’s “Budget Blueprint to Make America Great Again”

President Trump Budget Make America Great Again HatsOn March 16, 2017, President Trump Administration released his first budget outline for the 2018 fiscal year (FY 2018). In an effort to “shrink the role of government,” the $1.1 trillion budget proposal calls for a $54 billion increase in defense spending, with a corresponding $54 billion reduction in funding for many federal government programs. In particular, the Department of Health and Human Services (HHS) and the National Institutes of Health (NIH) would absorb double-digit budget cuts, in addition to other consolidation efforts involving those agencies.

President Trump is expected to release a full FY 2018 budget request in May of this year. Although the budget blueprint delivers on President Trump’s campaign promise for increased homeland security and military spending, opposition from both Democratic and Republican lawmakers suggests that the proposed cuts are unlikely to fully survive the congressional appropriations process.

Key Health-Related Spending Cuts Under the Budget Proposal

The NIH, a division within HHS, is the principal government agency for biomedical and health-related research. While 10% of NIH funding is used for research within its own facilities, the agency awards nearly 80% of its funding to outside universities, medical schools, and other research institutions. The Trump Administration proposes to reduce the NIH’s budget by $6 billion, or nearly 20%—back to its lowest level in 15 years.

The proposed budget cut eliminates $403 million in health professions and nursing training programs because the programs purportedly “lack evidence that they significantly improve the Nation’s health workforce.”

The proposal also calls for a “major reorganization” of the 27 NIH institutes and centers “to help focus resources on the highest priority research and training activities.” So far, the Administration’s only request with respect such reorganization is the abolishment of the Fogarty International Center, a $70 million program dedicated to training scientists in developing nations, particularly in Africa, to detect and control the spread of emerging infectious diseases.

The spending plan also consolidates the Agency for Healthcare Research and Quality (AHRQ) within the NIH. The AHRQ, which supports research on healthcare delivery cost, quality, and safety, could cease to exist under the proposed cuts.

Not surprisingly, President Trump’s budget proposal has been met with criticism from those in the biomedical research community. According to a statement released by the Association of American Medical Colleges, major cuts to the NIH would “cripple the nation’s ability to support and deliver” biomedical research. Likewise, according to Andrew Rosenberg, director of the Center for Science and Democracy with the Union of Concerned Scientists, “[w]hat this budget does is ignore evidence and undermine our very ability to collect it across the board.”

Other Important Budget Details

The budget blueprint also proposes to decentralize the Centers for Disease Control and Prevention (CDC), another agency within HHS, by establishing a state block grant program “to increase State flexibility and focus on the leading public health challenges specific to each State.” While this change would lessen categorical funding restrictions, like other block grant mechanisms, it likely would have the effect of reducing federal funding for such programs.

Notwithstanding the proposed cuts, the Administration plans to continue funding for the Global Fund to Fight AIDS, Tuberculosis and Malaria, and the President’s Emergency Plan for AIDS Relief. The budget outline also requests an additional $500 million for HHS to “expand opioid misuse prevention efforts and to increase access to treatment and recovery services.”

Trump Administration’s First Budget Battle; Implications for FY 2018 Proposal

While President Trump’s budget proposal sheds some light on his Administration’s priorities, it also faces an uphill battle in gaining acceptance in Congress. While lack of support for the budget proposal from congressional Democrats is unsurprising, several GOP leaders have already come out and voiced their opposition to the budget cuts. Rep. Hal Rodgers (R-KY), former chairperson of the House Appropriations Committee, has called the proposed cuts “draconian, careless, and counterproductive.” Rep. Tom Cole (R-OK), a member of both the House Appropriations and Budget Committees, described the cuts to NIH and CDC as “short-sighted.”

Still, some biomedical industry leaders have expressed confidence that Congress will not end up moving forward with the proposed cuts. “Congress has a long bipartisan history of protecting research investments,” noted Rush Holt, CEO of the American Association for the Advancement of Science (AAAS). “We are grateful and encouraged that members of Congress have already spoken out about the importance of keeping NIH funding at healthy levels,” added David Arons, CEO of the National Brain Tumor Society.

One additional development to keep in mind in connection with President Trump’s proposed budget for FY 2018 is how Congress will address the FY 2017 continuing resolution. The continuing resolution currently maintains government spending at FY 2016 levels, but is set to expire on April 28. By this date, Congress must pass an appropriations bill to keep the government running for the remainder of FY 2017. How President Trump and Congress address this issue could give an indication on whether Congress is willing to work with the President’s FY 2018 budget outline.

Copyright © 2017, Sheppard Mullin Richter & Hampton LLP.

How Does the 21st Century Cures Act Affect Employee Benefits?

21st century curesThere are two key benefits takeaways for employers in the bipartisan 21st Century Cures Act, which President Obama signed into law on December 13, 2016.

The act, which passed both houses of Congress by large majorities, is designed to increase funding for medical research, ease the development and approval of experimental treatments, and reform federal mental healthcare policy.

Mental Health Parity Rules

Employers can expect increased enforcement, along with stricter interpretations, of the existing federal mental health parity rules in coming months and years.

Though the act does not expand requirements under the Mental Health Parity and Addiction Equity Act, Title XIII of the act directs the secretaries of the Department of Health and Human Services, the Department of Labor, and the Treasury to issue guidance within 12 months related to compliance with the mental health parity rules. The act also calls for increased coordination between federal and state authorities in enforcing the mental health parity rules.

In addition, when a group health plan or insurer is found to have violated the mental health parity rules five times, the secretaries are directed to audit the plan’s or insurer’s documents the following year to “help improve compliance” with the rules. By including such specific compliance measures directly within the act, Congress appears to be encouraging increased enforcement of the mental health parity rules in the coming months and years.

The act does make one substantive “clarification” to the existing mental health parity rules. If coverage is offered for eating disorder treatment, then the treatment (including residential treatment) must be provided consistent with the mental health parity rules.

Standalone HRAs for Small Employers

The Affordable Care Act effectively prohibited employers from offering employees health reimbursement arrangements that were not integrated with other group health plans (standalone HRAs).

The act rolls back that rule slightly—though only for employers that are not “large employers” for ACA purposes (generally, those that have 50 or more full-time equivalent employees) and that do not offer any health plan to employees.

Title XVIII of the act creates qualified small employer health reimbursement arrangements (QSEHRAs) which are available for plan years starting after 2016. A QSEHRA is an arrangement funded solely with employer money that provides for payment or reimbursement of medical care expenses, up to $4,950 per year for individuals ($10,000 per year for families). In addition, a QSEHRA must generally be provided to all eligible employees of the employer on the same terms, and the employer must provide notice to the eligible employees. These QSEHRAs could permit reimbursements for individual health insurance premiums, which is also generally not permitted under the ACA. In addition, QSEHRAs are not subject to the Consolidated Omnibus Budget Reconciliation Act’s (COBRA) continuation coverage requirement.

These rules will take effect on January 1, 2017, which means that eligible employers could begin offering a QSEHRA next month. For small employers that offered a standalone HRA before January 1, 2017, the act will extend certain transition relief. HRAs that qualify under Notice 2015-17 will continue to qualify for transition relief through the end of 2016.

ARTICLE BY Timothy J. Stanton & Jessica E. Kuester of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

© 2016, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.

Top Takeaways from FDA Draft Guidance on Software as Medical Device

FDA software as medical deviceFDA’s proposed adoption of an IMDRF document raises questions.

On October 14, the US Food and Drug Administration (FDA) released a new draft guidance document, Software as a Medical Device (SaMD): Clinical Evaluation (Draft Guidance).[1] The Draft Guidance was developed by the SaMD Working Group of the International Medical Device Regulators Forum (IMDRF),[2] a voluntary group of medical device regulators from around the world, including FDA. This is the first time that FDA has proposed issuing an IMDRF document as an official FDA guidance document.

The Draft Guidance discusses clinical evaluation recommendations for SaMD and focuses on the general principles of clinical evaluation, which include establishing scientific validity, clinical performance, and analytical validity for an SaMD. The Draft Guidance is available for public comment until December 13, 2016. We have highlighted below key takeaways.

1. Cart Before the Horse?

Over the years, FDA has issued several guidance documents attempting to clarify its position on software products. For instance, in 2015, the Agency issued its final guidance on Mobile Medical Applications, which describes when FDA will or will not actively regulate software that can be executed on a mobile platform.[3] However, the Mobile Medical Apps guidance is limited to the specific mobile app examples listed in that guidance, and FDA has yet to issue its long-promised draft guidance on clinical decision support software. Thus, there is no clear overarching policy on when software used for health- or medical-related purposes would be considered SaMD, subject to FDA regulation. In this context, issuing guidance on FDA’s expectations for the clinical evaluation for SaMD seems premature. Software developers need to first understand where the proverbial line is before investing in clinical evaluation activities.

2. New Unadopted Terminology and Reference Documents Used

The Draft Guidance uses terminology defined in other IMDRF documents and also incorporates by reference findings from other IMDRF documents; however, FDA has not officially adopted those other IMDRF documents as FDA guidances. Thus, it is not clear whether FDA intends for this Draft Guidance to be the first volley, followed up by formally issuing other IMDRF documents on SaMD as FDA guidances, or whether FDA would simply consider the terminology and principles in those other IMDRF documents to be adopted by proxy if and when it finalizes this current Draft Guidance. It also is not clear how the principles and terminology in these other IMDRF documents align with FDA’s existing regulations and guidance documents. For instance, the Draft Guidance discusses a system of classifying SaMD based on its intended use and risk; however, it is not clear how this classification system would translate to FDA’s existing device classification system (Class I, Class II, and Class III) and classification regulations. Such an understanding is important for SaMD developers to determine the premarket review standard that will apply (e.g., establishing substantial equivalence vs. safety and effectiveness), because this will inform the goals for SaMD clinical evaluation.

3. Context Is Important

Although this Draft Guidance’s focus is SaMD clinical evaluation, a significant part of its 45 pages is used to provide definitions, general principles, context, and SaMD categorization principles (not to mention the references to other IMDRF documents, as described above). Only Section 6 directly addresses clinical evaluation. On that point, the new Draft Guidance describes clinical evaluation as the process for establishing the scientific validity, analytical validity, and clinical performance of an SaMD and provides recommendations for generating evidence in these three areas. The Draft Guidance further describes how to determine the required level of evidence based on the SaMD’s categorization. With regard to categorization, the Draft Guidance proposes a SaMD categorization scheme based on: (1) how the information generated by the SaMD will be used (for nondiagnostic, diagnostic, or therapeutic purposes), and (2) the criticality of the healthcare situation or condition in which the SaMD is to be used. An SaMD intended to treat or diagnose critical healthcare situations or conditions is considered higher risk and thus would be subject to more rigorous clinical evaluation requirements.

4. FDA Requests for Feedback

In its Federal Register notice announcing the new Draft Guidance, FDA highlighted specific areas for which it would like feedback, including the following:

  • Does the document appropriately translate and apply current clinical vocabulary for SaMD?

  • Are there other types of SaMD beyond those intended for nondiagnostic, diagnostic, and therapeutic purposes that should be highlighted or considered in the document?

  • Does the document adequately address the relevant clinical evaluation methods and processes for SaMD to generate clinical evidence?

  • Given the uniqueness of SaMD and the proposed framework, is there any impact on currently regulated devices or any possible adverse consequences?

Next Steps

The Draft Guidance document indicates that it is intended to provide globally harmonized principles of when and what type of clinical evaluation is appropriate based on the SaMD risk. However, questions remain about how these principles translate to FDA regulatory requirements.

The Guidance Document is available for comment until December 13, 2016 (Docket No. FDA–2016–D–2483).

ARTICLE BY Michele L. Buenafe & M. Elizabeth Bierman of Morgan, Lewis & Bockius LLP
Copyright © 2016 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

[1] 81 Fed. Reg. 71105 (Oct. 14, 2016), https://www.gpo.gov/fdsys/pkg/FR-2016-10-14/pdf/2016-24805.pdf.  

[2] FDA,International Medical Device Regulators Forum (IMDRF) (last updated May 5, 2015), http://www.fda.gov/MedicalDevices/InternationalPrograms/IMDRF/default.htm.

[3] FDA, Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, (Feb. 9, 2015), http://www.fda.gov/downloads/MedicalDevices/…/UCM263366.pdf.

New Presidency Will Compel Action in Key Areas of Health Care in 2017

health careAs we enter the final stretch of the U.S. presidential election, health care remains one of the most contested issues with great potential for change, particularly to existing insurance and patient care systems. Compounding matters is the opening of enrollment season for exchange plans, which places the already hotly debated Affordable Care Act (ACA) at the forefront of the national health care discussion.

Former U.S. Congressman Dennis Cardoza, co-chair of Foley’s Federal Public Affairs Practice, and Public Affairs Director Jennifer Walsh opined recently about how our next president could symbolically break the congressional logjam on several health care-related fronts and why the industry is poised for more market-driven disruption.

What follows are a few highlights of their conversation.

1. What health policy issues will be most impacted by the next administration?

Cardoza: Since the passage of the ACA, there has been very little legislative activity when it comes to health care, as everything has been done at the administrative level and spread across various departments. During the honeymoon period that follows every newly elected president, we’ll likely see an immediate and significant push around the ACA marketplaces, especially in light of some high-profile defections, decreasing competition and increasing premiums. It doesn’t matter who is in the White House; there are things happening in the market that can’t be ignored.

Walsh: I agree that legislation concerning the exchanges will be the first out of the gate. There is a strong impetus to fix the system, but it may happen initially as part of the reauthorization of the Children’s Health Insurance Program (CHIP) that is set to expire in 2017. CHIP is a bi-partisan issue and no one wants to see it lapse. This must be passed in the first or second-quarter and could grease the skids for other ACA measures that are either attached as amendments or follow in subsequent bills.

On a separate, simultaneous track, drug pricing will continue to be scrutinized. Lawmakers will pick up where they left off leading up to the August recess. It’s now part of the national dialogue and lawmakers will continue to discuss how to address the issue.

2. Will merger activity continue on its current, accelerated pace?

Cardoza: The ACA has forced market consolidation due to everyone’s ability, or rather inability to compete over costs. We may see other large insurance plans leave the exchanges if the Department of Justice doesn’t approve their respective mergers.

Walsh: Mergers have been an interesting consequence of the ACA, and we’ll see more alignment in this regard. They don’t always generate big news headlines, but smaller acquisitions of technology assets and payments systems are happening all over, so health care organizations can build their portfolios.

3. What are some other noteworthy developments you’re watching closely?

Cardoza: Concluding a long, iterative process, the Centers for Medicare & Medicaid Services will soon be rolling out its new health care payment and service delivery models as part of the transition from fee-for-service. Next year will be a key period as we work toward full-blown implementation of new reimbursement practices that reflect better value and promote quality care for patients.

Walsh: The 21st Century Cures Act, which is Representative Fred Upton’s legacy issue, has received broad bipartisan support and already passed the House. It will allocate more funding to the National Institutes of Health to explore new cures and treatments, and incent to innovative approaches to disease management. It should get a fair shake in 2017, if not during the upcoming lame duck session.

4. What should health care executives be thinking about heading into 2017?

Cardoza: Complacency has set in with the Washington gridlock, and many executives with bearish outlooks have accepted the broken system and are merely just controlling costs. However, they need to change their mindset and be more cognizant of what could soon affect their business, as we’re about to enter a transformative year where there will be a lot of moving parts. If they’re not informed and engaged, they’re going to get left behind.

Walsh: The uncertainty surrounding the ACA has certainly caused a lot of angst, and makes planning for businesses extremely difficult. Companies need to channel that energy into advocacy for their organization. Although every system is different, the industry-wide movement toward modernization, value, and quality will affect all parties. While it will be incremental, the change that will be prompted by the election is inevitable.

ARTICLE BY Dennis A. Cardoza & Jennifer F. Walsh of Foley & Lardner LLP

© 2016 Foley & Lardner LLP

OCR Kicks Off HIPAA Audits After Issuing Two Major Settlements

HIPAAOn Monday, the HHS Office for Civil Rights (OCR) launched phase two of its much-anticipated audit program for covered entities and business associates. The announcement comes in the wake of OCR’s issuance of two major settlements—totaling more than $5 million—which highlighted the critical importance of managing the security basics, such as the business associate agreement (BAA) and the organization-wide risk analysis. These developments are summarized below, with practical tips that can help organizations mitigate related risks.

Summary

2016 Audit Program Begins

In announcing the 2016 audit program launch, OCR confirmed it will contact organizations by email to verify contact information and complete a pre-audit questionnaire. Organizations selected for audit will be subject to either a desk audit, an onsite audit or potentially both. Organizations will have a short period to produce requested documents, typically 10 business days, so it is important to have HIPAA privacy and security policies, security risk assessments, breach notification documentation, BAAs, and other HIPAA documentation up-to-date and readily available. While there is a detailed audit protocol from the phase one OCR audits, that protocol has not been updated for the final rules implementing the HITECH Act. OCR has committed to issuing an updated audit protocol closer to the date the audits will be conducted, which will set forth the criteria that auditors will review. Importantly, the phase two audits will extend to business associates. Although the risk of being selected for an audit is low, organizations would be well advised to review the existing and, when available, new audit protocols, conduct a compliance gap assessment and take corrective actions as needed, as part of overall HIPAA compliance efforts. While OCR states that the audits are primarily a compliance improvement activity, enforcement may follow where a serious issue is identified.

The North Memorial Settlement – The Importance of Business Associate Agreements

In the first of two recent settlements, North Memorial Health System, a nonprofit organization, will pay $1.55 million and enter into a two-year corrective action plan to settle charges that it violated HIPAA by failing to have a written BAA with a key contractor. OCR’s investigation followed the 2011 theft of an unencrypted laptop from a contractor’s workforce member’s vehicle. The settlement notes that the laptop contained protected health information (PHI) of approximately 9,497 North Memorial patients. For its part, the contractor separately settled HIPAA violations for $2.5 million, and entered into a related 20-year FTC consent order relating to its security procedures.[1] OCR also alleged that North Memorial failed to conduct an organization-wide risk analysis that covered all of its IT infrastructure.

OCR’s investigation indicated that North Memorial failed to execute a BAA with the contractor as required by HIPAA Privacy and Security Rules. OCR asserted that North Memorial gave the contractor access to its hospital database, which stored the electronic PHI of 289,904 patients, as well as access to non-electronic PHI as it performed services on-site at North Memorial.[2] In total, OCR’s investigation found that, from March 21, 2011, to October 14, 2011, North Memorial impermissibly disclosed the PHI of at least 289,904 individuals to the contractor without obtaining a proper BAA.[3] The investigation further indicated that North Memorial failed to complete a comprehensive risk analysis to identify all potential risks and vulnerabilities to the electronic PHI (ePHI) that it maintained, accessed or transmitted across its entire IT infrastructure, as required by the HIPAA Security Rule.[4]In settling the matter, North Memorial did not concede liability.

In addition to the $1.55 million payment, North Memorial agreed to a two-year corrective action plan (CAP) that requires it to develop policies and procedures related to business associate relationships and to conduct an organization-wide risk analysis and risk management plan, as required under the HIPAA Security Rule.[5] The CAP also requires North Memorial to train appropriate workforce members on all policies and procedures newly developed or revised pursuant to the CAP.[6]

OCR has previously (and repeatedly) emphasized the importance of having an organization-wide, thorough analysis, which it reinforces here with North Memorial. In addition, this settlement highlights the importance that OCR attaches to having BAAs where required, which OCR describes as another “cornerstone” of effective security.[7] Further, the settlement illustrates that, when a breach occurs with a business associate, the impacted covered entity should expect OCR to request a copy of the underlying BAA. Where that BAA cannot be found, the covered entity and business associates should expect potential enforcement.

FIMR Settlement: Basic Compliance Required of All Covered Entities (and Business Associates)

In the second settlement, Feinstein Institute for Medical Research (FIMR), a nonprofit research institute, will pay $3.9 million and enter into a three-year corrective action plan to settle charges it violated HIPAA, following its breach when an employee’s unencrypted laptop containing patient information of 13,000 individuals was stolen. OCR’s investigation determined that FIMR’s security management process was limited, it had failed to conduct a thorough risk analysis, and lacked sufficient policies and procedures. In its press release, OCR emphasized that it expects research institutions that are covered entities to comply with the same standards as other covered entities.

OCR’s investigation of FIMR stemmed from a self-reported breach after an employee’s unencrypted laptop was stolen. Based on the resolution agreement, OCR’s investigation appears to have identified widespread non-compliance. For example, OCR alleged that FIMR: (1) failed to conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to all of the ePHI held by FIMR, including the ePHI on the employee’s laptop; (2) failed to implement policies and procedures for granting access to ePHI by its workforce members and restricting access by unauthorized users; (3) failed to implement physical safeguards for the laptop; (4) failed to implement policies and procedures that govern receipt and removal of hardware and electronic media that contain ePHI into and out of a facility, and the movement of these items within the facility; and (5) failed to encrypt ePHI on the laptop or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent safeguard.

As part of an extensive three-year CAP, FIMR must conduct an organization-wide risk analysis and develop a corresponding risk management plan, develop a process for evaluating environmental or operational changes to the security of ePHI, revise its policies and procedures for privacy and security, and provide extensive training and reporting.

Tips to Mitigate Risks

Covered entities and business associates can enhance HIPAA compliance, and reduce audit risk, by taking a number of practical steps outlined below.

Business Associate Risks:

  1. train workforce (at onboarding and at least annually thereafter) to recognize situations where a BAA (or subcontractor BAA) is required and understand how to activate the organization’s process for securing one;

  2. conduct periodic audits of existing outside service relationships to ensure that all necessary BAAs (or subcontractor BAAs) are, in fact, in place;

  3. periodically audit BAAs (and subcontractor BAAs) on file to ensure they are fully compliant (including as to the final HITECH rule content requirements), in full force and effect, and readily retrievable; and

  4. retain records of training and audits conducted for at least six years.

This also is an excellent time for covered entities and business associates to re-examine the effectiveness of their processes for conducting initial diligence and periodic audits of the security compliance of their key business associates and subcontractors.

Risk Analysis:

While not a new point, it remains critical for covered entities and business associates to conduct and document the requisite security risk analysis on a regular basis, and take prompt corrective action to manage identified risks. It is particularly important to ensure that the risk analysis covers all ePHI maintained, accessed or transmitted across the organization’s entire IT infrastructure, including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes. This can be a challenge—particularly in light of the pace of developments and acquisitions/consolidations in the health care industry—but is essential. Organizations should develop a complete inventory of all electronic equipment data systems, and applications controlled by, administered or owned by the organization and its workforce that contain or store ePHI, including personally owned devices. Organizations should make sure their process includes equipment purchased outside of standard procurement processes.

Audit Preparation Tips:

  1. Confirm that all required HIPAA privacy and security policies and procedures are implemented and up-to-date;

  2. Make sure a through, organization-wide security risk analysis as described above has recently been conducted, and that resulting corrective actions have been taken;

  3. Confirm that BAAs are fully up-to-date and accessible, and follow the steps above to further reduce business associate risks;

  4. Use the audit protocols to conduct a gap assessment;

  5. Be prepared to provide documentation showing that breach notices have been provided as required by HIPAA; and

  6. Covered entities should ensure their notices of privacy practices are up-to-date and provided as required.

Other Basics:

  1. Encryption: Encryption of laptops, thumb drives and other mobile devices remains a critical risk mitigation strategy. HIPAA does not require encryption of ePHI in all cases “per se”; however, it does require organizations to specifically address, as part of their required risk analysis, whether encryption is a reasonable and appropriate safeguard (and if so, it requires organizations to encrypt; if not, it requires organizations to document why encryption is not reasonable and appropriate, and adopt an alternative safeguard ). However, encryption per the HHS guidance provides a “safe harbor” from breach notification under HIPAA and generally obviates the need to make state law data breach notifications as well, in the event of loss of encrypted data. Further, because encryption will, in fact, be “reasonable and appropriate” in many cases, often it is effectively required.

  2. Training: The scope and frequency of training also should be regularly reviewed to ensure training covers key aspects of privacy and security policies. In addition, training should address current and emerging threats and risk areas. For example, in light of the significant role of phishing attacks and malware in cyber-breaches, training should include employee awareness of how to identify and respond to these types of attacks.

[1] The related 2012 settlement by business associate Accretive Health with the Minnesota attorney general for violations of the HIPAA rules and state law was widely touted within the industry as the first HIPAA enforcement action against a business associate. See Settlement Agreement, Release, and Order, 12-cv-00145, ECF No. 90 (July 30, 2012). Because the breach occurred prior to the issuance of final rules implementing the HITECH Act’s extension of direct liability for HIPAA violations to business associates, OCR—the primary federal HIPAA enforcement agency—had indicated it would not enforce the HITECH Act changes against business associates until issuance of the final rules. However, this did not prevent the Minnesota attorney general from proceeding to enforce HIPAA, using newly expanded enforcement authority granted to state attorneys general under the HITECH Act. Accretive Health also entered into a related, 20-year consent order with the FTC, pursuant to which no fine or penalty was paid but in which Accretive Health agreed to establish and maintain a comprehensive information security program, and to periodic evaluations of that program. See Press Release, FTC approves final consent order settling charges that Accretive Health failed to adequately protect consumers’ personal information (Feb. 24, 2014).

[2] See North Memorial Resolution Agreement and Corrective Action Plan, I.2.A, (Mar. 16, 2016).

[3] See id. at I.2.B.

[4] See id. at I.2.C.

[5] See id. at I.V.A-C.

[6] See id. at I.V.D.

[7] See Press Release, $1.55 million settlement underscores the importance of executing HIPAA business associate agreements (Mar. 16, 2016).

Article By Matthew R. BakerMichael R. CallahanDoron S. Goldstein & Megan Hardiman of Katten Muchin Rosenman LLP
©2016 Katten Muchin Rosenman LLP

The UK Psychoactive Substances Act 2016: An Example of Poor Drafting and Unintended Consequences for Food?

The UK has enacted new legislation to address the issue of so-called ‘legal highs’ following a number of cases of paranoia, seizures, hospitalisation and even death after consumption of certain psychoactive substances.  The Psychoactive Substances Act 2016 (the “Act”) was granted Royal Assent on 28 January 2016.  It is expected to come into force on 6 April 2016.  The Act makes it an offence to produce, supply, offer to supply, possess with intent to supply, possess in a custodial institution, import or export psychoactive substances.

A psychoactive substance is defined very broadly to cover “any substance which is capable of producing a psychoactive effect in a person who consumes it”.  A substance produces a psychoactive effect in a person if it affects the person’s mental functioning or emotional state  by stimulating or depressing the person’s central nervous system.  There are a number of specific exemptions, including controlled drugs, medicinal products, alcohol, nicotine and tobacco products, caffeine and food.  However, the definition of food has left a number of questions since it does not align with the legal definition of food set out in EU Regulation 178/2002.  Rather, the Act defines food as:

Any substance which—

            (a) is ordinarily consumed as food, and

            (b) does not contain a prohibited ingredient (emphasis added).

In this paragraph—

  • “food” includes drink;

  • “prohibited ingredient”, in relation to a substance, means any

psychoactive substance—

            (a) which is not naturally occurring in the substance, and

            (b) the use of which in or on food is not authorised by an EU instrument.

The authorities have stated that the Act is not intended to capture foods with a “negligible” psychoactive effect, such as chocolate and nutmeg, but concerns were raised during the legislative debates that the Act could capture inadvertently a much broader range of food substances, including energy drinks and certain botanical ingredients used in foods and dietary supplements.  It is hoped that guidance from the enforcement authorities will make clear exactly which foods and drinks are exempted.

Article By Brian Kelly of Covington & Burling LLP

Lucie Klabackova, paralegal, also contributed to this article.

© 2016 Covington & Burling LLP

Hollywood Presbyterian Concedes to Hacker’s Demands in Ransomware Attack

In a chain of events that should be a wake-up call to any entity using and storing critical health information, Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a malware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack that locked access to the medical center’s electronic medical record (“EMR”) system and blocked the electronic exchange of patient information. Earlier reports indicated that the hackers had originally demanded $3,400,000.

Such “ransomware” attacks are caused by computer viruses that wall off or encrypt data to prevent user access. Hackers hold the data ransom, demanding payment for the decryption key necessary to unlock the data. The attacks are often caused by email phishing scams. The scams may be random or target particular businesses or entities. In the case of HPMC, the medical center’s president and CEO indicated to media outlets that the attack was random, though Brian Barrett, writing for Wired,questioned that assertion.

The medical center’s announcement of the resolution of the incident indicates that there is no evidence that patient or employee information was accessed by the hackers as part of the attack. Even if the data was not compromised, the attack led to enormous hassles at the hospital, returning it to a pre-electronic record-keeping system.

On February 2, 2016, three days before the HPMC attack, the Department of Health & Human Services Office for Civil Rights (“OCR”) announced the launch of its new Cyber-Awareness Initiative. That announcement included information on ransomware attacks and prevention strategies. Suggested prevention strategies from OCR included:

  1. Backing up data onto segmented networks or external devices and making sure backups are current.

  2. Ensuring software patches and anti-virus are current and updated.

  3. Installing pop-up blockers and ad-blocking software.

  4. Implementing browser filters and smart email practices.

Most of these prevention strategies are HIPAA security measures that ought to be in place generally. As OCR indicates, smart email practices and training the workforce on them are key elements to preventing phishing scams. Before clicking on a link in an email or opening an attachment, consider contextual clues in the email. The following types of messages should be considered suspicious:

  • A shipping confirmation that does not appear to be related to a package you have actually sent or expect to receive.

  • A message about a sensitive topic (e.g., taxes, bank accounts, other websites with log-in information) that has multiple parties in the To: or cc: line.

  • A bank with whom you do not do business asking you to reset your password.

  • A message with an attachment but no text in the body.

All health care providers, payors, and their business associates need to take notice of the HPMC attack and take steps to ensure that they are not the next hostages in a ransomware scheme.

Article By Kate F. Stewart  of Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.