Healthcare has become a hotbed for startups of all kinds from new provider models to insurance companies to health technology.
No matter what area of healthcare is targeted by a startup, the desire is to proceed with innovation or disruption bolstered by a feeling that this idea will be the one to change healthcare.
However, nothing in healthcare is easy, simple or straightforward. For every potential issue that may be addressed, there are myriad other issues interconnected that will be impacted, most likely in unanticipated ways.
Leaving aside the business impacts of an idea, almost every startup trying to work in healthcare will run into issues with regulations. As has been well documented, the healthcare industry is subject to a tangled and complex web of regulations governing almost every aspect of, and organization in, the industry. However, in the excitement of pursuing a new idea or concept, some startups will not consider the regulatory environment.
Proceeding in deliberate or unintentional ignorance of the regulations can have profound impacts on the viability of an idea. If regulations are not considered, a startup may not discover the deficiency until approaching potential customers and then not being able to adequately answer questions from a potential customer or, even worse, being informed by the potential customer of how a regulation is being violated or not followed.
If a startup gets to that point, at best some aspect of the solution will need to be modified or at worst the entire idea could end up needing to be scrapped.
What can help the situation? Seeking advice and consultation earlier on in the development cycle. In most instances, the advice should be sought when there is sufficient detail around an idea or concept to begin work on it.
Depending on the area of healthcare involved, the regulations could play a fundamental role in how development proceeds. For example, if the idea is to enhance communications between physicians or other providers around patient care, HIPAA must be addressed right from the start. That may mean not trying to attract individual users who may not be able to bind their organization to an entity that will store protected health information.
That nuanced aspect of regulatory impact may not be apparent to a startup founder not well versed in healthcare or entering healthcare for the first time, but unintentional lack of awareness will not remedy a regulatory violation.
If regulations are so vital to success in healthcare, which ones are the most important? That question is actually somewhat hard to answer since the specific area of healthcare addressed by the startup will drive what the most important regulation(s) may be. While there are a variety of regulations, discussion most often comes back to HIPAA, the Stark Law, and the Anti-Kickback Statute.
HIPAA covers the privacy and security of protected health information. If a startup will provide a service to or on behalf of a healthcare provider, health plan, or healthcare clearinghouse, then the startup will most likely be a business associate. As a business associate, the startup needs to comply with the HIPAA security rule and portions of the HIPAA privacy rule. Compliance is not just composed of building security measures into a tool or other solution. Compliance requires developing and implementing policies and procedures as well as regularly updating those policies and procedures. HIPAA compliance (and really all regulatory compliance) is an ongoing commitment, not a one and done proposition.
The other major regulatory area is fraud and abuse. That is covered from the civil side (the Stark Law) and the criminal side (Anti-Kickback Statute). In both instances, the regulations are wary of arrangements that encourage the referral of patients to enable the billing of services or procedures. Most arrangements can satisfy regulatory requirements by carefully structuring the terms. However, that requires understanding what elements need to be present for compliance. Further, potentially inappropriate relationships can arise in unexpected ways, particularly through arrangements that would be fine in any other industry.
Another less discussed area are civil monetary penalties, which tag along with the fraud and abuse laws and regulations. In particular, the beneficiary inducement provisions are gaining relevance with ideas that try to engage patients through some type of reward or other compensation. Just giving a patient a financial benefit could raise questions and undermine the potential idea.
While the discussion of the regulations was intentionally brief and high level, the discussion is sufficient to demonstrate that the regulations impact a wide range of ideas and potential activities.
Given the complexity of regulations, what should startups do? As already suggested, seek help and do that as early as possible. While it is acknowledged that resources can be tight or non-existent for startups, failing to properly vet or tweak an idea early on can result in the waste of a lot more money later.
Additionally, many areas have programs designed to aid startups, with many of those programs having a healthcare focus. Those resources should be taken advantage of to more quickly enable the team behind a startup to get on the right path.
It is a time of much potential innovation in healthcare. That should be a time of promise and hope. Do not let an idea be derailed by rushing headlong into an idea at the start without taking the proper time to fully assess that idea.
Matthew Fisher
Fisher is the Chair of the Health Law Group at Mirick O’Connell, a law firm based in Worcester, Mass.