Five Core Antitrust Principles For Mergers Of Health Insurers
By James Burns
On July 9, WellPoint and Amerigroup, two prominent health insurers, announced that they intended to merge in a deal reportedly valued at approximately $5 billion dollars. The transaction is expected to be only the first of what many predict will be a series of health insurer consolidations over the next several years, as the industry reacts to changes mandated by the Affordable Care Act. With that in mind, now is a good time to review five core antitrust principles that come into play as part of any merger of health insurers.
First, and perhaps most significantly, health insurer mergers are not exempt from federal antitrust review by the McCarran - Ferguson Act, 15 U.S.C. 1012 et seq. (the insurance industry's antitrust exemption). Any doubt about this was put to rest on August 22, when Amerigroup publicly acknowledged that it had received a "Second Request" for additional information from the Department of Justice's Antitrust Division, confirming not only the DOJ's authority to review health insurance mergers, but its intention to examine the Wellpoint/Amerigroup deal.
Second, the DOJ's interest in the Wellpoint/Amerigroup deal refutes claims by some healthcare providers that health insurers typically receive a "free pass" from regulators with respect to their proposed mergers. The DOJ's interest in this deal, following on the heels of DOJ's challenge to a proposed merger between Blue Cross of Montana and New West, a rival plan in Montana, in 2011, and DOJ's derailment of a proposed merger between Blue Cross of Michigan and Physicians Health Plan of Mid-Michigan in 2010, instead demonstrates rather active regulatory oversight in this area.
Third, the DOJ's review of health insurance mergers can be expected to be detailed and thorough, both in terms of geographic and product markets. Reflecting a careful market by market examination of the potential competitive implications of a deal, notwithstanding that the combined company would sell a diverse range of insurance products and operate in nineteen states, the DOJ's concerns in the Wellpoint/ Amerigroup deal were reportedly limited to competition in a single state (Virginia). Prior DOJ investigations reflect a similarly focused approach to these issues.
Fourth, in many prior health insurer mergers, the parties chosen to sell off certain assets or operations through divestitures to clear potential regulatory concerns and to expedite approval for the remainder of the deal. For example, in the Blue Cross of Montana/New West transaction, the parties gained quick approval for their deal when New West agreed to divest a part of its business to PacificSource, a rival insurer. Thus, it was not surprising that Amerigroup announced in September that it agreed to divest its Virginia operations to Inova Health System, presumably with the expectation that the divestiture would lead to regulatory approval for the remainder of the deal.
Fifth, particularly with respect to insurance industry transactions, it is important to note that gaining federal approval is often not the only antitrust hurdle that merging health insurers face before closing. State regulators (both State Attorneys General and State Insurance Commissioners) often have authority to review and challenge such transactions and have, on occasion, also served as potential roadblocks to merging health insurers' plans. Whether any such impediments will arise with respect to the proposed Wellpoint/Amerigroup deal remains to be seen.
Because these core principles apply to all health insurer transactions, we are likely to see them arise repeatedly in the next few years. And evidence of this should be quickly forthcoming, given that only weeks after the announcement of the Wellpoint/Amerigroup deal, Aetna announced its intention to acquire Coventry, another health insurer, in a deal reportedly valued at almost $7 billion. Stay tuned.
In Reversing The Dismissal Of A Healthcare Data Breach Class Action, The Eleventh Circuit Shows The Importance Of Encryption
In early September 2012, the Eleventh Circuit decided Resnick v. AvMed, Inc., reversing, in part, a motion to dismiss, and thereby permitting a class action against AvMed, a Florida health plan provider, that arose from the theft of unencrypted information to move forward. Specifically, the Court ruled that: (1) plaintiffs claiming actual identity theft resulting from a data breach have standing to bring a lawsuit, which was a matter of first impression before the Circuit, and (2) plaintiffs showed a nexus between the data theft and the identity theft and therefore met the causation element for purposes of federal pleading standards.
The class action stems from the theft of two laptop computers from AvMed's Gainesville, Florida office in December 2009. The laptops contained electronic protected health information, Social Security numbers, names, addresses and phone numbers of 1.2 million current and former AvMed members. As the Court explained, "AvMed did not take care to secure these laptops, so when they were stolen the information was readily accessible," and, despite being careful with their personal information, Juana Curry and William Moore, the two named Plaintiffs, became victims of identity theft. Ms. Curry's name was used to open Bank of America accounts and credit cards which were used to make unauthorized purchases, and her home address was then changed with the post office. Mr. Moore's information was used to open an account with E*Trade Financial and he was notified that the account was overdrawn.
In the last few years, several courts addressing non-healthcare related data breach class actions dismissed these actions on standing grounds. To have standing, plaintiffs must have an actual concrete injury in fact. Defense counsel have generally argued -with great success -that a mere loss of personal data, without more, does not demonstrate an injury. However, where plaintiffs can demonstrate monetary losses, courts have generally found standing. Here, the two Plaintiffs each suffered monetary losses due to the identity theft.
Further, the Eleventh Circuit also ruled that Plaintiffs showed a nexus between the data theft and the identity theft and therefore met the causation element, which requires plaintiffs to show that the particular bad act by the defendant caused the plaintiffs' harm. Specifically, the Court reversed the lower court's dismissal of the following five claims, each of which require causation: (1) negligence, (2) breach of contract, (3) breach of implied contract, (4) breach of fiduciary duty, and (5) unjust enrichment. Upon review, the Court ruled that the Plaintiffs' allegations that the sensitive information contained in the stolen laptops "was the same sensitive information used to steal Plaintiffs' identity," were sufficient to show a nexus between the data breach and the identity theft. Most interesting is the unjust enrichment claim, where Plaintiffs argued that "AvMed cannot equitably retain their monthly insurance premiums -part of which were intended to pay for the administrative costs of data security -because AvMed did not properly secure Plaintiffs' data, as evidenced from the fact that the stolen laptop containing sensitive information was unencrypted." Plaintiffs further argued that "AvMed should not be permitted to retain the money belonging to plaintiffs because AvMed failed to implement the data management and security measures that are mandated by industry standards." The Court agreed and ruled that Plaintiffs pled sufficient facts to meet the unjust enrichment elements, in spite of AvMed's argument that it provides health insurance and not data security services. As such, the class action litigation continues.
Healthcare companies should view this case with concern for at least two reasons. First, the identity theft happened ten months, in the case of Ms. Curry, and fourteen months, in the case of Mr. Moore, after the data breach. Generally, data breach insurance providers cover credit watch services for only one year from the date of discovery or notice of the breach. Second, the Plaintiffs survived on the motion to dismiss because they alleged that the information on the laptop was the same information necessary to commit identity theft. In the current environment, very little information is needed to commit identity theft. Importantly, healthcare companies can foreclose this claim altogether by encrypting mobile devices, which is certainly more cost efficient than fighting a class action lawsuit.
Restitution Payments By Physician Held To Be Tax-Deductible
By Ralph Levy
In a recent decision by the United States Court of Appeals for the Internal Revenue Service ("IRS") the Court ruled that payments by a New Jersey physician to an insurance company to settle a civil suit for insurance fraud and to two undisclosed governmental entities in exchange for dismissal of criminal insurance fraud charges were deductible for federal income taxes as nonbusiness deductions. This means that the physician can deduct the amount paid on the physician's individual income tax return in the year of payment, but that the deduction will be limited based on the physician's adjusted gross income for that year.
In reaching its conclusion, the IRS found that the loss was not deductible as a business expense since fines or similar penalties for the violation of any law are not deductible under this tax provision. However, the payments can be deducted as a nonbusiness expense under a separate tax provision, which allows a deduction for any sustained loss that is not compensated by insurance or otherwise. In support of its conclusion, the IRS relied on its prior ruling that payments made by a convicted arsonist for the repayment to the insuror of insurance proceeds received as a result of the arson were deductible as a nonbusiness expense if the arsonist included the insurance payments in income when they were received. Thus, payments in the nature of restitution to the payor of improperly received payments that had previously been included in income of the payee are deductible under this tax provision.
The IRS found that the physician's payments to the insurance company were in the nature of restitution since as a result of the settlement payment, the insurance company dismissed its civil case for insurance fraud and released its claims for restitution in the pending criminal action. In resolution of the criminal charges, one of the physician's practice entities pled guilty and the physician agreed to pay an undisclosed amount to the two governmental entities. The deductibility of the payments by the physician to the governmental entities was a much closer question; as a matter of public policy, payments to a governmental entity as a fine or penalty are not deductible. However, since in this instance, the consent agreement (titled "Consent Order for Restitution") recited that the purpose of the restitution payments was to enable "the citizens of New Jersey and the United States...[to] recognize significant recoupment of the illgotten billings of the Company [the physician's practice entity]", the IRS concluded the payments were intended to be compensation to a governmental entity and thus deductible as restitution payments. The lesson to be learned from this ruling is that physicians and other healthcare providers that are required to repay to a governmental agency or private payor amounts previously received by them for improperly billed services should try and characterize the repaid amounts as restitution so as to be tax deductible. By contrast, if the payments are characterized as a fine or penalty, the amounts paid will not be tax deductible.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
