Monica C. Berry provides a tree-top view of some of the legal developments that continue to affect US healthcare and their impact on risk management.

In the past decade the healthcare delivery system in the United States has undergone a major transformation from a traditional fee-for-service system in which the physician-patient relationship drove the system to a competitive managed care market in which the relationship between physicians and their patients has seriously eroded. As the healthcare delivery system has changed, the legislative and judicial branches of our government have been challenged to write and apply new laws that are fair, reasonable and within the boundaries of our constitution. One issue that was expected to have a major impact on healthcare was tort reform. Although tort reform has fueled the managed care movement, today tort reform is essentially moribund. However, there have been a plethora of legal developments that continue to affect healthcare in the United States which cannot be discussed here. Rather, the focus of this article is to give a tree-top view of some of these developments and their impact on risk management.

Evolution of managed care

The drive towards managed care was initiated in the 1980s by health insurers and their customers, the employers, to control the escalating cost of healthcare. In the 1990s, managed care has realigned relationships traditionally noted in the provision of care; affiliations between for-profit and non-profit institutions, hospitals employing physicians and purchasing physician office practices, healthcare insurers partnering with hospitals or groups, and the integration of physician groups. The anticipated outcome of this restructuring is to control the cost and utilization of healthcare services by assigning the risk of excess cost and utilization to the plan "gatekeepers" or primary providers thereby maximizing revenues for plan sponsors. The upshot of this structure is to limit the customer's choice of provider as well as the care to be received. Creating this dichotomy has resulted in litigation as well as legislation, to settle contract issues, employment issues, access to care concerns, fraud and abuse allegations, credentialing issues, and antikick-back allegations in addition to raising many ethical concerns about the provision and quality of care.

More than 80% of working Americans are enrolled in some form of managed care. With this number of patients subject to a quality of care versus cost containment analysis, the public is debating, quite prolifically, whether providers in the managed care arena can prevent their fiscal responsibilities from interfering with their loyalty to their patients. Healthcare decisions made by both physicians and hospitals support the notion that financial responsibilities have been in the driver seat while quality of care takes a back seat. This is of such public concern that several states, such as New Jersey, have passed legislation specifically stating that "a doctor's advice and treatment decisions for a patient are not to be adversely influenced by financial incentives." The law is intended to restore the trust of healthcare consumers in managed care.

Throughout the United States a substantial number of lawsuits have been filed in which the chief allegation involves a denial of coverage. Although health insurers continue to claim that a denial of payment does not necessarily equate with a denial of care, from a risk management perspective, the denial of payment is automatically taken by the consumer to mean denial of care. As a result, most managed care entities have developed a grievance and appeals process for coverage denials and other access to care issues. Although an effective grievance and appeals process can go a long way in resolving disputes, it is far better from a risk management perspective to protect consumers by avoiding such disputes in the first place. This may be difficult to accomplish however, given the competing forces in the delivery of healthcare in today's managed care environment.

The importance of contracting in the managed care environment cannot be overstated. Managed care relationships are contract driven and therefore, organizations and providers face a multitude of legal quagmires associated with contracts such as misrepresentation and vicarious liability.

Recently, managed care organizations and insurers have developed triage lines or centers, in which participating patient insureds can call to discuss treatment options. The purpose of these triage centers is to reduce the demand for expensive and perhaps unnecessary emergency department visits. In a lawsuit involving a triage center, the nurse who responded to a call recommended that a six-month-old infant with a fever of 104°F be taken to a managed care hospital 45 minutes away from the infant's home. The infant subsequently suffered an arrest and lost both hands as well as most of both legs. The jury found the managed care entity negligent and awarded the family in excess of $45,000,000 in damages. In this case, the nurse who responded to the call was not properly trained to triage, there were no written triage protocols or guidelines and there were insufficient documentation protocols. All three of these are risk management issues. (Adams v. Kaiser Foundation Health Plan, Civ. Act. No. 93-VS79895 (E Fulton Co. Ga.))

Employment agreements

The realigning of relationships in the delivery of healthcare in the 1990s has resulted in hospitals or insurers frantically purchasing physician group practices or employing physicians such that the managed care competitive motto has become "he who owns the most providers prevails". Although there are only five states that prohibit hospitals from employing physicians, hospitals in these states have developed other business relations with physicians or physician organizations that are not restricted. In recent years there has been ample litigation and legislation addressing the employment relationship between physicians and hospitals, most of it centering around the corporate practice of medicine doctrine. The corporate practice of medicine doctrine was developed in the early 1930s by states to specifically prohibit any unlicensed person or entity from practicing medicine in order to protect consumers of healthcare. Because the doctrine is state driven, its interpretation and application varies widely from state to state. In addressing the issue, the courts and legislature have been forced to view this relationship in the contemporary healthcare market setting and as a result, exceptions to the general prohibition have surfaced. Several states, for example Tennessee, have passed new laws that specifically permit employment relationships between hospitals and physicians. In other states, such as Illinois, the Supreme Court has ruled that licensed hospitals may lawfully employ physicians for the purpose of treating patients. One upshot of employment agreements in the managed care market is the fact that once a hospital or network purchases the physician practice, that physician becomes an agent of the hospital or network and the hospital or network can be vicariously liable for the physician's acts of negligence. From a risk management perspective, the nature of the employment agreements, especially between hospitals, managed care entities or large networks and physicians, have become far more sophisticated than traditional healthcare employment agreements and therefore, should be thoroughly reviewed and discussed before signed.

A potentially problematic provision in an employment agreement is the non-compete or restrictive covenant clause. Given the competitive nature of the current healthcare market, it is appropriate to create restrictive covenants provided they are reasonable with respect to the geographic scope and time. Reasonable covenants are generally regarded as enforceable by the courts. What is considered reasonable in one market, for example, in a rural setting, may not be reasonable in an urban setting. One of the ethical issues raised with respect to restrictive covenants in a managed care environment is whether such non-compete clauses deprives patients of choices or impacts negatively upon the quality of care provided in that market setting.


Telemedicine contemplates that physicians will practice medicine from a site remote from the patient. Telemedicine may include physician-patient communication via fax, telephone, satellite or fiber-optic cable. The most daunting of legal issues to be faced by networks that wish to create a telemedicine program is whether the practice extends across state lines and if it does, does the physician have a license to practice medicine in that state. The license to practice medicine is controlled at the state level and every state has a licensing requirement. The interstate licensing issue can be problematic especially for large healthcare networks that cross state lines. Two other potential legal and risk management issues that telemedicine programs encounter include the availability of medical record information and the confidentiality of healthcare information. From a risk management perspective, these issues need to be fully discussed before an entity can consider developing a telemedicine program.

Fraud and abuse

The enactment of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), substantially expands the federal program to combat healthcare fraud and abuse. It is estimated that approximately $20 billion a year is wasted in Medicare fraud and abuse. The act expands both civil and criminal penalties as well as establishes a national data bank to record information about providers who have committed fraud and abuse. The data bank includes the nature of the fraudulent act as well as the resulting injury. The data bank will be accessible to state and federal enforcement agencies and health plans. Not only will the Act generate litigation, but the development of the data bank has the potential to raise many a thorny issue associated with confidentiality and discoverability.

It was reported in a recent New York Times article that the government is investigating a fraud scheme in which unsuspecting physicians and patients were used on fake medical bills that were submitted to private insurers. The fictitious companies involved in this scheme set up operations for several weeks before closing down and moving on to a new location. It has been estimated that approximately $1 billion has been lost in this scheme.

Employed physicians can find the billing, coding and accounts receivable system that is established between the physician and the hospital or managed care entity and performed in the name of the provider particularly problematic. From a risk management perspective, the employed physician must be familiar with the billing process and take an active role in reviewing the appropriateness of all bills submitted in his name on a regular basis. In addition, documentation in the medical record must demonstrate that the care provided and billed for supports the patient's diagnosis. From a risk management perspective, the employment agreement should very specifically state the rights and responsibilities of both parties when it comes to billing and collecting patient fees. In addition, it is recommended that all employment agreements include a provision in which the physician agrees to follow sound billing practices and to actively participate in the accounting, billing and collection processes. The employed physician should be aware of the following illegal practices as methods to maximize billings: upcoding, unbundling or other such manipulations that increase the cost to the Medicare program. A physician with a heightened level of awareness of potential fraud and abuse makes a good risk manager.


The growth and development of managed medical care in the United States has created a variety of complex legal, ethical, financial, business and clinical issues that can be daunting at best not only to recognize but also to address. It is not expected that the wave of changes in the healthcare delivery system will halt soon and with change comes new risks. It is not only intellectually challenging to keep up with these changes, but also very exciting to evaluate the impact of the changes on the role and function of risk management.

Monica C. Berry, is a senior risk consultant with MMI Companies, Inc., an international healthcare risk management company. Ms Berry has over 20 years' experience in the healthcare field. She is active in the Illinois Society of Healthcare Risk Management, serving four years on the board of directors, two of which were as the president of the society. Ms Berry is also active in ASHRM. She was a presenter at ASHRM's annual conference in 1996, served on the chapter affairs committee, chaired the communication and resources committee and is currently serving as a committee member on the communication and resources committee.

* The author would like to specifically thank Stacey Ries, asssociate risk consultant with MMI Companies, Inc. for her assistance in conducting research and editing the article.