Review now to prevent exposure to Y2K liability
Review now to prevent exposure to Y2K liability
By John J. Pavlick Jr., JD
Matthew T. West, JD
Attorneys
Venable, Baetjer, Howard & Civiletti, LLP
Washington, DC
By now you are probably tired of hearing about the Y2K computer problem, as it has dominated the plans and budgets of most hospitals for the last two years. Many hospitals have struggled to prepare for anticipated problems by reviewing and upgrading their computer systems and ascertaining the Y2K readiness of their medical equipment.
Now may be the time to step back and review the potential liability arising from a Y2K failure. There is the possibility of significant liability, so you should assess your risk as soon as possible. This review will allow hospitals to take additional steps, if necessary, prepare alternative plans in case of Y2K failures, and better estimate their potential liability. This liability assessment may prove invaluable and identify additional areas where prudent steps at this time can be taken to substantially reduce liability.
To perform such an assessment, risk managers first must understand the potential sources of liability. For ease of discussion, this liability can be treated as arising from two general sources: problems with patient care and an inability to pay bills and receive reimbursement in a timely fashion. Fraud charges can arrive from government agencies for defective and inaccurate reimbursement requests.
Most would agree that the No. 1 priority in addressing the Y2K problem is ensuring patient care is not adversely affected by a Y2K failure. Hospitals may face vicarious and direct negligence suits from injured patients or their families as a result of the hospitals’ failure to correct Y2K problems. A hospital may face direct negligence suits where a plaintiff claims it breached its duty of care and failed to correct the Y2K problem that resulted in the injury. To prove the liability of a hospital for a Y2K failure, a plaintiff would need to demonstrate that the hospital breached a duty to exercise reasonable care in the treatment, which was the proximate cause of the injury, and that the injury was reasonably foreseeable from the Y2K problem.
A hospital also may be drawn vicariously into a tort suit as a co-defendant in a medical malpractice case against a doctor in which a plaintiff alleges an injury was substantially caused or aggravated by a Y2K failure. This could arise if the hospital had some control or supervision of the doctor, such as granting hospital privileges or through staff employment, or if a Y2K failure in hospital equipment contributed to the negligent care.
These personal injury and wrongful death suits could arise from Y2K failures ranging from inaccurate record keeping to biomedical life-support equipment failures. Many medical decisions, such as treatment plans, lab results, and medicine dosage and expiration dates rely on date- and time-dependent information. This information is provided by one of the hospital’s computer systems or by embedded microprocessors in medical testing, monitoring, and diagnostic equipment. A failure of a computer or an embedded microprocessor to properly recognize and process the year 2000 may result not only in an immediate data problem or failure of the equipment, but also in inaccurate data in patient admission and treatment records. The effects of this corruption of data could be long-lasting: Inaccurate data entered into electronic databases may cause errors for years to come. Hospitals must identify those areas where a Y2K problem could affect patient care and take measures to mitigate their risk.
Remedies likely will be traditional
While the Y2K problem is unique, standards for recovery and remedies for failures likely will be those traditionally applicable to the medical care industry. Thus, in determining the reasonableness of using a specific item that turns out to be non-Y2K-compliant, hospitals will have to be judged as a medical treatment provider possessing knowledge that it may have Y2K problems with some of its equipment or operations. As medical providers, hospitals are held to a high standard of care to ensure their systems do not cause injury or hamper the care given to a patient entrusted to them. The critical issue then will be whether the hospital breached this duty when using equipment that was not Y2K compliant.
Foreseeability is one of the wild cards in assessing the potential liability of a hospital for a Y2K failure and may complicate the application of the traditional approach. At this point in time, no one could seriously doubt that the hospital industry is aware of at least the general aspects of the Y2K problem. However, while the general outlines of the problem are well-known, its effect on specific equipment or software may not be known or foreseeable. This may be difficult for hospitals because a given computer system or piece of medical equipment that has worked without problem for an extended period may fail to perform correctly on a certain date. Indeed, the hospital may not even be aware that the equipment is controlled by a microprocessor or is sensitive to date data.
Plaintiffs will argue that a hospital should have known of the potential problems and corrected them to prevent an inevitable, foreseeable injury, such as improper medication being dispensed. A hospital may be able to successfully claim it relied on the equipment manufacturers’ assertions about Y2K compliance and join these manufacturers as third parties or treat them as a source of indemnification. This strategy may work for newer equipment, but it will be unlikely to succeed for older equipment for which no assertions of Y2K compliance were made by suppliers, especially if there was notification from the manufacturer or distributor that the equipment unequivocally would not function properly in the year 2000.
Further, while the hospital may try to rely upon its ignorance of an embedded microprocessor in a particular piece of equipment, or its dependence on date-related data, the hospital may be held to a higher duty of inquiry because of the general knowledge of the potential pervasiveness of the Y2K problem.
One obvious potential effect of a hospital system that is not Y2K compliant is the inability of the system to pay its bills promptly and accurately. As an example, many problems could arise from the hospital’s inability to accurately calculate such key parameters for the compensation of its employees as seniority, eligibility for sick and vacation time, and number of hours worked. Similar problems could be generated in the payment of doctors, consultants, suppliers, or contractors. This could result in the liability of the hospital for late or inaccurate payment, or even nonpayment.
On the other end of the cash flow, a defective hospital billing system could result in the submission of late, inaccurate, or defective requests for reimbursement of expenses under Medicare or other such programs. This could result in serious cash flow disruptions that could jeopardize the financial health of a hospital.
A defective billing system may lead to liability for the hospital’s leaders. The directors and officers of a for-profit hospital owe fiduciary duties of care to act in the best interest of their shareholders. When the shareholders believe the corporate leaders have breached their fiduciary duty resulting in financial harm to the business, they may file derivative suits on behalf of the corporation. Hospital corporations that suffer major business disruptions, financial losses, or regulatory actions as a result of Y2K failures could face derivative suits. The directors and officers could be liable for failing to properly prepare for Y2K problems and allowing those problems to disrupt the hospital to the extent that it faces enormous legal liability, either from operating losses or an excessive number of successful Y2K-related negligence suits.
Informed of problem, directors must act
Although courts differ as to the reasonableness of the directors’ and officers’ business judgment in making corporate decisions, most jurisdictions will find directors have not exercised good business judgment where they failed to act after being informed of a significant problem that could adversely affect the best interest of the hospital. The directors’ failure to act on the Y2K problem could expose them to personal liability. Even if a board does establish a review program and significant Y2K problems are found, the directors and officers still may breach their fiduciary duty if the board fails to adopt and monitor reasonable remediation measures.
Furthermore, such liability may extend in some jurisdictions to nonprofit hospitals where the officers and directors are considered public trustees of a "public charity" who owe a fiduciary duty of care and loyalty to the corporation. In fact, some state legislatures have given the state attorney general specific authority to oversee the expenditure and administration of funds by nonprofit hospitals and similar charitable institutions.
While the Y2K problem has garnered the industry’s attention, hospitals must not forget the ever-present effect of the federal government’s continued aggressive use of the civil False Claims Act to combat perceived abuses in reimbursement of hospitals under Medicare and similar programs. The broad language of the False Claims Act, and its low threshold for proof of a violation, greatly increase hospitals’ potential liability for defective requests for reimbursement arising from Y2K failures. Since defective or inaccurate reimbursement requests could be treated as false, submission of inaccurate reimbursement requests generated by a system the hospital should have known would produce inaccurate and incorrect data may result in substantial civil liability, including penalties of $5,000 to $10,000 per false reimbursement request.
Furthermore, hospitals face an exceedingly complex regulatory environment involving federal and state agency oversights. In addition to the complex rules for seeking reimbursement under government medical insurance programs, hospitals must contend with accreditation, licensure, quality assurance, treatment guidelines, and patient record privacy. If the Y2K problem causes errors in the billing or record keeping or otherwise disrupts the hospital’s ability to meet regulatory requirements, adverse agency actions could follow.
(Editor’s note: Pavlick is a partner and West is an associate in Venable’s government contracts practice group. Pavlick is co-chair of Venable’s Y2K task force and works closely with members of the firm’s health care practice group, chaired by Robert Zinkham, JD, in its Y2K health care initiative.)
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.