Presented By:
Health Information Technology Initiatives:
Protecting your IP and Avoiding Legal Risks
Benjamin T. Butler
Robyn W. Diaz
Today’s Presentation
§ HIT Legal Overview
− Ben Butler
§ Patent Protection For Your HIT Solutions
− Dennis Gallagher
§ “Beyond HIPAA”: Security Breach Notifications
Where We Are Now
§ HIT is a top agenda item at HHS
§ Formation of American Health Information Community
§ EHR-related government contract awards
§ New regulatory developments
− Anti-kickback, Stark protections (proposed)
− HIPAA claims attachment standard (proposed)
− Medicare Part D e-prescribing standard (final)
Top Agenda Item at HHS
§ January ’04 State of the Union address
§ April ’04 appointment of David Brailer, NCHIT
§ June ’05 report on RFI responses; RFPs issued
§ August ’05 ONCHIT officially established at HHS
§ September ’05 “KatrinaHealth.org” efforts
American Health Information Community
§ Federal Commission – first meeting 10/7/05
§ 17 public/private commissioners
§ Charter: help “achieve a common interoperability framework for health IT”
§ Seeking “breakthroughs” for HIT adoption
§ Early priorities: personal health records, chronic-disease monitoring, biosurveillance
§ Also: Comm’n on Systemic Interoperability
Federal HIT Contract Awards
§ Health IT standards unification/harmonization
§ Compliance certification process
§ State preemption obstacles to interoperability
§ Measuring status of HIT adoption
New Anti-Kickback, Stark Protections
§ OIG/CMS issued proposed rules on 10/11/05
§ Protect e-prescribing, EHR-related donations
§ MA plan, PDP donations of certain IT to pharmacies, physicians would qualify
− Other health plans not protected
§ Primarily covers software, training
− Handhelds for e-prescribing could be OK
§ EHR donations: turns on adoption of standards
§ Incentive to adopt proprietary IT in short term?
New HIPAA, E-Prescribing Standards
§ HIPAA claims attachment standard
− Proposed HIPAA claims attachment standard issued 9/23/05
− Limited to certain categories (e.g., ER, rehab)
− Allows flexibility in data input format (scan vs. entry)
− Plans get one shot to request attachments
− Providers get one shot to reply
− No unsolicited attachment unless pre-authorized
− Public comments due 11/22/05
Congressional Legislation
§ Wired for Health Care Quality Act (S. 1418)
− Bipartisan effort of Senate HELP Committee
− Incorporates many of the current HHS initiatives
− Authorizes funding of HIT grants ($652M for ’06-’10)
− Status: Reported out of Committee
§ Medicare Value Purchasing Act (S. 1356)
− Championed by Sen. Grassley
− Primarily targeted at “value based” purchasing
− Status: Currently under Committee review
Presented By:
Business Method Patents:
A Growing Trend In The Healthcare Industry
Dennis R. Gallagher, Esq. dgallagher@crowell.com
Overview
§ What Is A Business Method Patent?
§ Business Method Patents In The Healthcare Industry
§ Obtaining A Business
What Is A Business Method Patent?
§ A patent provides …
− Right to exclude others from making, using, selling, offering for sale or importing an invention for 20 years.
− Patent does not provide right to practice invention.
§ Requirements for patent protection
− Patentable subject matter
§ “Anything under the sun made by man”
§ Machine, manufacture, composition of matter, process
§ Not patentable: laws of nature, natural phenomena and abstract ideas.
What Is A Business Method Patent?
§ Requirements for patent protection (cont.)
− Novel: different than the “prior art”
− Non-obvious: not obvious to a person having ordinary skill in the subject matter of the patent.
§ Business methods are patentable in the U.S.
− State Street Bank v. Signature Financial, 149 F.3d 1368 (Fed. Cir. 1998)
§ Business methods subject to the same rules as any other process or method
− Not patentable prior to State Street
Business Method Patents: Healthcare
§ United States Patent & Trademark Office (PTO) classifies each patent application
− Traditional Classifications Relating to Healthcare
§ Class 128: Surgery
§ Class 424: Drugs
§ Class 435: Chemistry: Molecular Biology and Microbiology
− Business Method Classifications
§ Class 705: Data Processing: Financial, Business Practice, Management, or Cost/Price Determination
§ PTO has established subclasses for business
Business Method Patents: Healthcare
§ Health care management (Class 705/2)
− Over 1,500 patents and published patent applications
− Includes record management, ICDA billing
− Examples
§ Automated wellness system
§ Examination management system
§ Double blind evaluation method for malpractice claims
§ Integrated healthcare information system
§ Method for evaluation of health care quality
§ Prescription creation system
Business Method Patents: Healthcare
§ Insurance (Class 705/4)
− Over 750 patents and published patent applications
− Includes patents relating to health insurance
− Examples
§ Automated classification of health insurance claims to predict claim outcome
§ Cost projections for diagnoses
§ Method and system for settling a patient’s medical claim
§ Preneed insurance services system
§ System for conducting a physician-patient consultation
Business Method Patents: Healthcare
§ Patient record management (Class 705/3)
− Over 700 patents and published patent applications
− Includes HIPAA compliance, electronic medical records, and electronic health records
− Examples
§ Medical image recording system
§ Pharmaceutical inventory and dispensation computer system
§ System and method for accounting and billing patients in a hospital environment
§ System and method for ensuring privacy and security of medical information
Business Method Patents: Healthcare
§ Other business method subclasses may apply
− Staff scheduling (Class 705/9)
§ Examples
− System and method for optimizing employee scheduling in a patient care environment
− System for aiding to make medical care schedule
− Business processing using cryptography (Class 705/50)
§ Subclasses directed to data protection and privacy
§ Examples
− Patient information management method and system
− Secure extranet operation with open access for qualified medical professional
Obtaining A Business Method Patent
§ Identifying patentable subject matter
− Questions to consider
§ What do you do that is different?
− E.g., IT systems, internal processes, products or services.
§ What gives you a competitive advantage?
− E.g., better customer service; efficiency.
§ What new products, services or procedures are you planning?
− Educate relevant personnel (e.g., project managers) to identify potentially patentable business methods
− Consult patent professional
Obtaining A Business Method Patent
§ Should you file a patent application?
− Compare “invention” to “prior art”
§ Patentability search to locate potential prior art
§ Disclosure more than one year before filing patent application?
§ Patent professional should evaluate “non-obviousness”
− Who owns the patent rights?
§ Patents are filed in name of inventors
§ Companies receive rights through assignment
§ Employees/subcontractors obligated to assign?
− Developed pursuant to government contract?
Obtaining A Business Method Patent
§ Should you file a patent application? (cont.)
− Cost-benefit analysis
§ Costs
− Attorney fees to file and prosecute patent application
− 3-5 years before resolution & possibility of rejection by PTO
− Loss of related trade secret rights
§ Potential Benefits
− Protect competitive advantages and brand differentiators
− Preclude competitor from practicing technology
− Protect R&D investment
− Licensing royalties
Business Method Example
§ Amazon.com “one-click” patent
− September 1997
§ Problem: online customers reenter personal information for each sale and, as a result, online “shopping carts” are often abandoned by customers before completing sale.
§ Solution: one-click web interface and stored customer information provides satisfying user experience and more closed sales
§ One-click patent application filed
− May 1998: Barnesandnoble.com offers a one-click web interface
− Sept.-Oct. 1999: One-click patent issues and Barnesandnoble.com sued for patent infringement
− Dec. 1, 1999: Preliminary injunction issues against Barnesandnoble.com
Presented By:
Health Information Technology Initiatives: Security Breach Notification Requirements
Robyn Whipple Diaz rdiaz@crowell.com
Privacy and Security Breaches Still A Reality
§ Compliance deadlines for the HIPAA Privacy and Security Rules have come and gone, but…
§ 59% of providers and 45% of payers reported that their organizations have experienced a privacy breach during a six month period in 2005
§ 32% of providers and 27% of payers reported that their organizations experienced a data security breach during the same time period
Source: US Healthcare Industry HIPAA Compliance Survey, Healthcare Information and Management Systems Society, Summer 2005
Beyond HIPAA: State Legislatures Enter the Fray
§ Many states have passed or are considering security breach notification laws
§ State laws generally require prompt notification to residents of any compromises pertaining to the security, confidentiality or integrity of their personal information
§ Some states require businesses to take measures to prevent the occurrence of breaches
Security Breach Scandals: Real-World Risks
§ CardSystems: The credit data of millions of individuals was allegedly accessed by an intruder because of security vulnerabilities
− Class action lawsuit
− Investigations by the Federal Financial Institutions Examination Council and the FBI
− Attorneys General from 48 states demand information on consumer notification processes
§ ChoicePoint: The personal data of approximately 145,000 consumers may have been obtained by unauthorized third parties
− Class action lawsuit
− Federal Trade Commission investigation
Security Breach Scandals: Healthcare Industry Not Immune
§ Testimony before the US Senate Committee on Banking, Housing and Urban Affairs suggested that several hospitals have experienced significant data security breaches in 2005
§ At least one health plan has been fined for inadvertently exposing patients’ confidential health information
§ At least one physician group has experienced a significant data security breach, caused by the theft of computers containing patient information
Pending Federal Legislation
§ S.1332: Would require consumer notification upon the occurrence of any breach that impacts sensitive, personally identifiable information
§ S.1408: Would require consumer notification when personal information is compromised and a reasonable risk of identity theft exists
§ Barton-Dingell draft bill: Very broad proposal that would create a national rule for data protection, preempting state laws that expressly regulate security breaches
Preventing and Responding to Security Breaches
§ Do your policies include procedures for handling the security of personal information generally (i.e., beyond the HIPAA requirements)?
§ Do your existing information security policies comport with applicable state law?
§ Do your policies include notification provisions that meet the latest requirements of state law?
Security Breach Response: Is Your Organization Ready?
§ Draft a response protocol
− Decision tree
− Plan for notifying individuals whose personal information has been compromised
§ Set up a security breach “SWAT team”
§ Prepare template legal documents
− Forms for prompt notifications to individuals
− Forms for TROs, other legal filings
Questions?
Ben Butler (202) 624-2799 bbutler@crowell.com
Dennis Gallagher (949) 798-1319 dgallagher@crowell.com
Robyn Whipple Diaz (202) 624-2763 rdiaz@crowell.com