|
|
|
|
|
LIABILITY OF MANAGED CARE ORGANIZATIONS FOR YEAR 2000 COMPUTER FAILURES by Steven H. Goldberg, Cosgrove, Eisenberg & Kiley, P.C. Introduction Managed care organizations ("MCOs") should take potential legal liabilities into consideration in order to develop effective strategies for managing Year 2000-related risks.(1) This paper presents an overview of three broad categories of law suits that MCOs and their directors and officers might face as a result of Year 2000 ("Y2K") failures: tort, statutory/regulatory and fiduciary. The Year 2000 computer problem refers to the inability of most computers to process date information later than December 31, 1999. Computer programs typically abbreviate years to two digits, such as "97," so that the year "00," that is, 2000, will be read as 1900. When that happens, some computers won't work at all and others will suffer critical calculation and other processing errors. Many Y2K problems may not be readily apparent when they first occur, but instead could imperceptibly degrade technology systems and corrupt information stored in computerized databases, in some cases long before January 1, 2000. Moreover, the problem is not limited to one's own computers. Hospitals and other health care facilities receive vital services, supplies and data from third parties, such as public and private payers, physician practice groups, claims processors, management service organizations, and product manufacturers and distributors, all of which could be vulnerable to Year 2000 problems themselves. Also, "embedded chips" -- non-programmable microcircuits that are "hard wired" into other pieces of equipment, many of which include date calculations in their programming logic -- may be critical to patient services or hospital operations. Examples of embedded chip systems that should be tested for potentially injurious Year 2000 problems include medical and laboratory devices and equipment,(2) monitoring and security systems, chillers, fire alarms, HVAC systems, nurse call and telecommunications equipment, and emergency generators. Tort Liability Personal Injury The prospects for personal injury and wrongful death suits arising from Year 2000 problems appear substantial.(3) Many treatment decisions rely on date- and time-dependent information, such as care plans, dosages, lab results, reminder notices, and expiration dates.(4) Y2K risks that could compromise patient care include corruption of patient admission and treatment records, computer-induced medication errors, malfunctioning monitoring, diagnostic and laboratory equipment, and delays in supplies and services. MCO tort liability could be both vicarious and direct. Vicarious liability could arise when an MCO is named as a co-defendant in a medical malpractice suit against a physician in cases alleging that a Year 2000 problem was a substantial factor contributing to the injury and the MCO has held out "our" doctors as being part of the MCO's total care program.(5) Claims of direct corporate negligence might arise where the plaintiff asserts that a Year 2000-related injury was caused by a breach of duty "to use reasonable care in the maintenance of safe and adequate facilities and equipment" under the MCO's control or "to formulate, adopt and enforce adequate rules and policies to ensure quality care for the patients."(6) Misrepresentation and Fraud Personal injury suits can also be based on misrepresentation or fraud claims where an MCO makes written or oral claims about the quality of its care. When Year 2000 errors disrupt medical services, injured patients will likely contest MCO claims about state-of-the-art facilities, referral practices and specialty services made in health care plan documents, advertisements and statements by providers.(7) Liability will depend, in substantial part, on whether the statements were false or reckless, in light of the ascertainable risks of Year 2000 problems. Punitive Damages Although punitive damage awards are much less prevalent than is popularly believed, such claims will likely be pursued in connection with some Year 2000 personal injury suits. Punitive (or "exemplary") damages are designed to punish a wrongdoer, rather than merely compensate the injured party, and they may be awarded upon a showing of "persistence in a palpably negligent course of conduct over an appreciable period of time" or "a heedless and palpable violation of legal duty respecting the rights of others."(8) Because Year 2000 risks can be foreseen and mitigated years before they materialize, claims for punitive damages can be expected in cases of serious injuries or death resulting from Y2K errors. Statutory/Regulatory Violations Agency Enforcement Actions The health care industry operates within an exceedingly complex regulatory environment involving both federal and state oversight. Accreditation, licensure, quality assurance, treatment guidelines, patient records and privacy, billing, and many more areas of patient care and service delivery are subjects of governmental supervision. If Year 2000 failures disrupt records management and reporting systems, cause deviations in care plans, billing procedures or treatment protocols, or otherwise interfere with an MCO's ability to conduct regulated operations, agency enforcement actions could follow. Regulatory authorities and state attorneys general often have broad powers to impose administrative sanctions on licensed health care facilities, including suspensions and financial penalties, and to seek "equitable" remedies from courts, such as injunctive relief, ordering violators to comply with statutory and regulatory requirements. ERISA Claims Statutory suits could also be filed by employers and individual subscribers if an MCO fails to provide promised services due to Year 2000 disruptions. The Employee Retirement Income Security Act ("ERISA") authorizes health plan participants to bring suit, among other things, "to recover benefits due to him under the terms of his plan, to enforce his rights under the terms of the plan, or to clarify his rights to future benefits under the terms of the plan." 29 U.S.C. §1132(a)(1)(B). ERISA does not authorize recovery of monetary damages. Copyright Infringement Hardware and software licenses often contain restrictions on copying and modifying the computer code without permission of the copyright holder. MCOs undertaking Year 2000 repairs should be mindful that violations of such provisions could lead to litigation against the MCO for copyright infringement, which might take the form of a counterclaim if the MCO first sues the vendor for selling technology that is not Year 2000 compliant. Criminal Prosecutions Violations of criminal law are considerably less likely to follow from Year 2000 errors, but they cannot be ruled out entirely.(9) For example, prosecutions for health care fraud and abuse are often predicated on the provider's submission of unsupported claims for payment or inability to substantiate services as medically necessary and appropriate. An assertion that "the computer ate our records" is unlikely to satisfy government auditors. Fiduciary Violations Shareholder Derivative Actions Directors and officers owe fiduciary duties of due care and loyalty to act at all times in good faith in the interests of their shareholders. When investors believe that corporate decision-makers have breached those duties resulting in financial harm to the business, they may, under certain circumstances, file "derivative" suits on behalf of the corporation. It is important to emphasize that such suits claim that the directors or officers are personally liable to compensate the corporation for its losses and legal expenses.(10) MCOs that suffer substantial business disruptions, financial losses, regulatory enforcement actions or reduced market share as a result of Year 2000 failures could face derivative suits. Such suits would likely allege, for example, that "the directors allowed a situation to develop and continue which exposed the corporation to enormous legal liability and that in so doing they violated a duty to be active monitors of corporate performance."(11) Although courts generally defer to the reasonable business judgment of directors and officers in making policy decisions concerning corporate governance, "a sustained or systematic failure of the board to exercise oversight -- such as an utter failure to attempt to assure a reasonable information and reporting system exists -- will establish the lack of good faith that is a necessary condition of liability."(12) Thus, an MCO's failure to put in place a corporate program to assess Year 2000 risks could give rise to directors' and officers' liability. Of course, if the board does establish such a program and significant Y2K risks are found, breaches of fiduciary duties could still occur if the board fails to adopt and monitor reasonable remediation measures. Enforcement of Public Charities Laws In some states, non-profit MCOs are considered "public charities" whose officers and directors are public trustees who owe fiduciary duties of due care and loyalty.(13) In statutory terms, "[a] director, officer or incorporator of a [charitable] corporation shall perform his duties ... in good faith and in a manner he reasonably believes to be in the best interests of the corporation, and with such care as an ordinarily prudent person in a like position with respect to a similar corporation ... would use under similar circumstances."(14) State attorneys general may be authorized to "enforce the due application of funds given or appropriated to public charities ... and prevent breaches of trust in the administration thereof."(15) Conclusion The managed care industry is exposed to Year 2000 liability on many fronts. Lawsuits against MCOs generally will not require courts to recognize ground breaking legal theories, but instead will likely involve the application of well-established doctrines to novel fact patterns. The exercise of corporate due diligence must be the first line of defense against the threat of Year 2000 litigation. November, 1997 This publication is provided for educational purposes and is not intended as legal advice. Readers should not act upon this information without professional legal counseling based on specific facts. The author is licensed to practice law only in the Commonwealth of Massachusetts. This publication may be considered advertising under the rules of the Massachusetts Supreme Judicial Court. © 1997 Steven H. Goldberg. All rights reserved.One International Place, Suite 1820, Boston, MA 02110 617.439.7775 • Fax 617.330.8774 • E-mail shg@tiac.net 1. See Steven H. Goldberg, "Managing 'Year 2000' Business and Legal Risks for Hospitals and Health Care Systems," available on the Internet at http://www.rx2000.org/articles/ submitted01.html. 2. In June, 1997, the Center for Devices and Radiological Health of the Food and Drug Administration informed medical device manufacturers that "some computer systems and software applications currently used in medical devices, including embedded microprocessors, may experience problems beginning January 1, 2000 due to their use of two-digit fields for date representation." The FDA letter is available on the Internet at http://www.fda.gov/cdrh/ yr2000.html. 3. In focus groups conducted by the Rx2000 Solutions Institute, 67% of the respondents strongly agreed and 25% agreed that "Year 2000 issues have the potential to negatively impact the quality of health care." Even more disturbing, 58% agreed and 25% strongly agreed that "Year 2000 issues have the potential to create errors that lead to unnecessary deaths." See Joel M. Ackerman, Rx2000 Solutions Institute, "Prudent Paranoia" (Sept. 1997), available on the Internet at http://www. rx2000.org/Prudent.html. 4. See Joel M. Ackerman, Rx2000 Solutions Institute, "Year 2000 and Health Care," available on the Internet at http://www.rx2000.org/presents.html. 5. See McClellan v. Health Maintenance Organization of Pennsylvania, 604 A.2d 1053 (Pa. Super. Ct. 1991); Sloan v. Metropolitan Health Council of Indianopolis, Inc., 516 N.E.2d 1104 (Ind. Ct. App. 1987). 6. See Thompson v. Nason Hospital, 591 A.2d 703, 706-707 (Pa. 1991). See also, Restatement (Second) of Torts, §323 ("One who undertakes, gratuitously or for consideration, to render services to another which he should recognize as necessary for the protection of the other's person or things, is subject to liability to the other for physical harm resulting from his failure to exercise reasonable care to perform his undertaking, if (a) his failure to exercise such care increased the risk of harm, or (b) the harm is suffered because of the other's reliance upon the undertaking"). 7. See McClellan, id. at 1060-1061 (plaintiffs alleged that HMO intentionally misrepresented HMO's physician screening and referral practices). 8. See Lynch v. Springfield Safe Deposit & Trust Co., 294 Mass. 170, 172 (1936); Davis v. Walent, 16 Mass. App. Ct. 83, 92 (1983). 9. The Delaware Court of Chancery has noted "an increasing tendency, especially under federal law, to employ the criminal law to assure corporate compliance with external legal requirements, including environmental, financial, employee and product safety as well as assorted other health and safety regulations." In re Caremark International Inc. Derivative Litigation, 1996 WL 549894, *10 (Del. Ch., Sept 25, 1996). 10. Although directors and officers liability insurance provides indemnification for certain breaches of fiduciary duties, exclusions for Year 2000 risks might be incorporated into such policies when they next come up for annual renewal. 11. Caremark, id. at *8. 12. Id. at *12. 13. See, e.g., Attorney General v. Hahnemann Hospital, 397 Mass. 820 (1986). 14. Mass. G.L. c. 180, §6C. The charitable organization and uncompensated directors and officers may, under specified circumstances, enjoy immunity from suit or limitations on liability. Directors and officers who receive compensation beyond reimbursement of expenses are generally not protected by statutory immunity. See, e.g., Mass. G.L. c. 231, §§85K, 85W. 15. Mass. G.L. c. 12, §8B. |
