Labs In Court: A roundup of recent cases and enforcement actions involving the diagnostics industry

ACLA Goes for Jugular in PAMA Challenge Case
Case: Attorneys for the American Clinical Laboratory Association asked the federal court for summary judgment in its lawsuit challenging the legality of the new PAMA- based Medicare Part B fee schedule for lab tests. Specifically, ACLA contends that the HHS exceeded its authority and ignored the PAMA legislation by omitting hospital and reference labs from pricing data used to set fee rates for lab services under the law. (For more about the lawsuit, see GCA, Dec. 11, 2017.)

Significance: If the court does grant summary judgment it would essentially be saying that it has enough basis to rule that ACLA's claims are legally valid without holding a trial. If it denies the motion, a trial will be necessary—unless, that is, HHS brings and wins its own summary judgment motion.

Individual Officers Called to Account for Role in HDL Scam
Case: Three years after Health Diagnostics Laboratory, Inc. (HDL) and its marketing partner BlueWave Healthcare Consultants—both now defunct—settled federal kickbacks claims for $50 million, the individuals involved in the scheme have been brought to justice. On Jan. 31, a federal jury in South Carolina unanimously convicted HDL's former CEO and BlueWave's co-owners of conspiring to pay doctors sham specimen processing and handling fees of $17 and routinely waiving copays and deductibles in exchange for referring Medicare and Tricare to HDL and its partner Singulex for medically unnecessary blood testing. But the $16 million damage award the jury returned was far below the $174 million the DOJ asked for.

Significance: For sheer dimensions, the HDL scheme has been described as among, if not the biggest case of lab fraud ever. In many ways, it also represents the new dynamic of federal healthcare fraud enforcement, not simply because it began as a whistleblower suit (actually, a series of three suits) but in its following of Yates Memo principles of separating the corporation from its individual principals and going after each group separately. This strategy represents a dramatic departure from previous DOJ policy of focusing on the corporate entity and allowing the individuals to avail themselves of the corporate liability shield and legal defense.

Illumina Wins $26.7 Million in Patent Infringement Damages
Case: Illumina won a patent infringement lawsuit against Ariosa Diagnostics in the US District Court of the Northern District of California. The case began in 2014 when Illumina claimed that Ariosa's test for "simultaneous quantification of hundreds of DNA loci" infringed the former's patent covering methods for amplifying and genotyping samples simultaneously. That same year, Roche acquired Ariosa and created a microarray version of the test. So Illumina filed a second suit claiming that the new test also infringed. The jury agreed with both claims and awarded Illumina $26.7 million in damages.

Significance: The case may not be over. General counsel for Roche Molecular Solutions is quoted as saying in an email that the company is disappointed" with the decision and is reviewing its legal options. Stay tuned.

Fresenius Settles HIPAA ePHI Charges for $3.5 Million
Case: HIPAA requires providers to perform a thorough risk assessment of the systems they use to secure electronic personal health information (ePHI) and correct the vulnerabilities they identify. On Feb. 1, the federal agency that enforces the HIPAA rules, the HHS Office for Civil Rights, announced that Fresenius Medical Care North America has agreed to fork over $3.5 million to settle charges of failing to meet this obligation at five of its facilities. The specific forms of violation varied from facility to facility—lack of procedures for incident response, no policies for removing hardware and electronic media containing ePHI within and outside the facility, inadequate encryption, failure to prevent unauthorized access, etc.

Significance: Although the $3.5 million fine stings, the real pain point for Fresenius may be the onerous corrective action plan that OCR imposed on the affected facilities, including the obligation to:

• Conduct a top-to-bottom HIPAA compliance audits;

• Submit a Risk Management Plan based on the audit findings to HHS for approval;

• Submit separate written reports on encryption measures and device and media controls;

• Develop and implement an enhanced privacy and security awareness training program; and

• Deliver annual reports and training reports.