Home care companies are increasingly seeking to gather information about potential customers interested in the company's products, and then communicating with these leads with the hope to convert them. Such leads can be a highly lucrative source of revenue.
However, if customer leads are developed or pursued improperly, HME companies can find themselves in serious legal trouble because of the anti-kickback statute, HIPAA privacy laws, Medicare supplier standards, the Fair Credit Reporting Act and state law. Read on to identify the opportunities and dangers of leads contracts so that you may obtain, pursue and convert potential customers both safely and effectively.
“Leads” are not customers for the HME company, but rather potential customers. They are people who have indicated an interest in particular types of products or services, such as mobility equipment or diabetic supplies, but have not yet made any decision. Sometimes these leads are acquired by the company's sales rep, who gathers information about interested potential customers at education programs, health fairs or by word of mouth. Other times the leads come in the form of lists purchased from organizations that gather such information for resale. Leads might be part of the Medicare or other government programs or they might be covered by commercial insurance.
Leads can come from advertisements, membership organizations, the Internet or most anywhere else. Potential customers may initiate contact via a toll-free telephone line, or they may sign and return forms with their contact information from direct mail or print media. They may click on a box in a Web site to give consent, or on an email hyperlink. Regardless, the lead information — name, address, telephone number, email, product categories of interest — are compiled, perhaps screened and then passed on to the HME company for pursuit.
Cold-Calling
Medicare rules restrict the methods by which home care companies can contact potential customers. Medicare has an anti-solicitation statute that prohibits HME companies from contacting Medicare beneficiaries by telephone concerning the provision of DMEPOS.
Exceptions to this prohibition are limited to contacts in connection with an existing or past relationship between the company and the patient, and circumstances when the company has received “written permission” from the beneficiary for the contact.
This issue is also addressed in the Medicare Supplier Standards. Standard No. 11 prohibits a supplier from impermissibly contacting potential customers. In 2008, when CMS released its proposed changes to the supplier standards (which were never implemented), CMS made clear that it currently interpreted that standard to include not only telephone solicitations of new business but also in-person contacts and, perhaps, some Internet contacts as well. Written permission is also key here.
So, for example, the cold call rules would allow a potential customer who approaches a sales rep at a job fair or educational seminar and consents to further communication to be contacted in person, by phone or by USPS mail or email. But if Jane Doe asks the company to contact her friend Mary, such contact is not permitted other than by mail unless and until Mary herself consents to the contact.
The company rep may give literature to Jane to pass on to her friend, or a request for contact card or an email address for Mary to use to request further contact. It would also be permissible for Jane to ask for further contact for herself to gather more information to pass on to her friend.
These “cold call” rules are also important when developing or purchasing lead lists. In order for an HME company to be permitted by the Medicare rules to contact the names supplied from the lead lists, it must be clear that the lead has consented to the contact.
Sometimes the lead-generating company will obtain such consent when potential customers respond to an advertisement or a mailing by returning a card expressing interest in a particular product line or service. As long as the wording on the consent card is clear, this method should be sufficient to satisfy the Medicare rules. Regardless, be sure the consent specifically allows contacts by telephone, in person or whatever other means is contemplated.
Further, written consent may include both permission to be contacted as a potential lead as well as subsequent permission to be contacted by the HME company once the lead company is able to verify the potential customer's interest in the HME's product lines.
Anti-Kickback Rules
The anti-kickback statute also has direct application to lead generation and development.
This statute, which applies to Medicare and other government-reimbursed programs, prohibits a person or entity from knowingly, willfully or recklessly offering to pay anything of value in order to induce another person or entity to refer a patient for, or to arrange the furnishing of, any item for which payment may be made under a federal health care reimbursement program, or to purchase or lease (or recommend the purchase or lease of) any item covered by the programs.
Further, the law is clear that the statute is violated even if one purpose of the payment is to induce referrals. So, while the purchase of leads is permitted under appropriate circumstances, the purchase of referrals is not permitted.
What, then, is the difference between a referral and a lead?
Someone who intends to become a customer, and whom the HME company intends to serve once reimbursement qualifications are satisfied, is a referral. A lead, in contrast, would be someone who may or may not be a patient, may or may not qualify, may or may not be interested in further contact or receipt of information for his or her own purposes, and may or may not be seeking information purely for educational purposes or to pass on to a friend or whatever.
I realize that this definition of a “lead” is not standard, and that many companies that sell leads also offer to “qualify them” by verifying medical condition, insurance coverage or other information necessary before the HME will be able to provide reimbursable services to that person. However, this level of interrogation to a prospective customer almost certainly crosses the line from creating a legal lead purchase to creating an impermissible payment for referrals.
This issue was addressed for the first time in the specific context of the health care anti-fraud rules in November 2008, when the Office of Inspector General issued an advisory opinion concerning Internet leads.
That advisory opinion focused on a proposed arrangement wherein Web sites targeting people interested in chiropractic services would invite browsers to enter their zip codes. The sites would then create lists of telephone numbers and email addresses of chiropractors who practiced within the indicated zip codes.
When the lead then called the number or sent an email, the communication would be routed to the listed chiropractor, for which the advertiser would be paid a “per lead” fee based on the quantity of communications.
The OIG indicated in its opinion that it would not seek enforcement action under the anti-kickback statute for this proposed arrangement. The OIG focused on several key factors that it deemed important to its comfort level.
First, the arrangement did not actively steer patients to a particular provider through hard-sell or other pressure tactics. Second, no “health care information” was collected by the Web site concerning the potential patient. Third, the proposed system would passively route the emails or calls initiated by the lead.
This advisory opinion, in combination with the anti-kickback statute and the cold-call rules, appears to suggest that the OIG is comfortable with lead-generating mechanisms, payment for leads and so forth as long as there is no pressure put on the lead and as long as the lead is “unqualified.”
In other words, an HME company or lead-generating company must limit communications to persons who have explicitly consented to be contacted by the company (or by “a company that provides the products and services” of interest). Further, specific personal information such as the lead's age, illness, products currently being used, physician name and insurance coverage, etc., will likely push the person from being a raw lead over to being a “referral” for whom payment is prohibited.
I have had several clients ask whether they can engage the lead-generating company to create the leads and then subsequently also use the company to try to qualify the leads as customers for their home care company.
This is problematic. First, it must be clear to the lead at the time of the second contact that the lead is acting as an agent of the home care company, pursuant to the lead's consent to receive further information. Second, even if the lead company truly could wear the proverbial “two different hats,” one as itself and one as the home care company's agent, this will still appear very suspicious to the government. It would be very difficult to prove persuasively (and with 100 percent consistency) that the two roles were distinct. It is far better to avoid the danger by having the lead company's role be limited to producing a legally compliant lead list.
Other Rules
HIPAA also applies to the purchase of lead lists. HIPAA prohibits the disclosure or use of protected health information (PHI), except as specifically permitted or required by the rules.
Such PHI includes information created or received by, or on behalf of, the HME company that identifies the person specifically and that relates to the provision of health care for the person; or, to the past, present or future payment for services; or, that relates to past, present or future medical conditions.
This definition thus clearly applies to information generated from a lead, particularly if the information relates to the lead's interest or entitlement to DMEPOS. So, an HME company's use of the information is subject to HIPAA, and any work a lead company does on behalf of the HME company is similarly subject to that law.
A potential customer is certainly allowed to give out personal health information to a lead company via telephone conversation or Internet checklist. However, the lead company is only permitted to pass on that information to an HME company if the patient has consented to that release.
HIPAA considers such communication “marketing,” which it defines as “a communication about a product or service that encourages recipients of the communication to purchase or use the product or service.” HIPAA prohibits the lead company from marketing its lead information to home care companies unless written authorization from the lead is obtained prior to that transmission of information. So, once again, the rules require explicit verification of consent. But remember: The anti-kickback rules still apply. Payment for a qualified lead is still likely a prohibited payment for referral, regardless of the customer's consent.
For any such relationships that involve the communication of protected health information, a “business associate's agreement” between the lead generating company and the home care company is recommended. Even when the parties do not intend to include the gathering or transmission of protected health information as a part of their relationship, it probably makes sense to include HIPAA-compliant business associate language in the contract.
The Fair Credit Reporting Act also applies to lead contracts. This act applies substantial regulatory and reporting requirements on “consumer reporting agencies,” defined as any person or entity which for a fee “regularly engages … in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.”
A “consumer report” is defined by the FCRA as any communication of any information by a consumer reporting entity that bears “on a consumer's creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics or mode of living which is used or is expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for [credit, insurance or other authorized purposes].”
Any information concerning a lead's coverage eligibility or payment for insurance details, etc., would likely render the lead company as a “consumer reporting agency” and the transmission of that information a “consumer report.” On the other hand, if the information is limited to name, address, contact information and general interest in receiving further discussion, it is likely that the lead list would not be considered a consumer report.
Further, the lead list is permitted if the transmission of information is pursuant to the lead's consent, “orally or in writing to the nature and scope of the communication.”
Thus, lead contacts that do not “qualify” the lead, that is, do not gather insurance information or medical information, would seem to be outside the scope of the FCRA requirements. On the other hand, lead sheets that include such information would appear to constitute a consumer report potentially triggering the substantial obligations, reporting and otherwise, under the FCRA.
Finally, don't forget that state law may have something to say about lead contracts. Be sure to check the law, for both the home care company's and lead company's states, to see whether they have anything to say about lead contracts in their consumer protection rules, state privacy laws or health care anti-referral rules.
Special Internet Issues
Special considerations arise with Internet leads. Leads clearly agree to be contacted by an HME company when they submit explicit written verification of their consent via a mail-in response postcard, a membership application or a new user response card, etc.
But when consent takes the form of clicking on a hyperlink or a “yes box” on an Internet Web site, consent is far less clear. Did the person click accidentally? Did he understand specifically that he was asking for communication about health care issues from a home care company? Did he wish to change his mind but was blocked from doing so by the Web site's limitations?
It is important that all of these concerns be alleviated in the email or Web site structure. Potential leads should have to verify that they intended to ask for further communication.
It is important that they be required affirmatively to “opt in” to the communication, instead of merely inferring their consent because they didn't “opt out” from further communication. Note that the FCRA stated (in a different provision of the law) it did not view an electronic click on the Internet as meeting the requirements inherent in the “written instructions” requirement.
While there are other provisions of the rule that seem to back away from this concern, it is clear that the lead's decision to “opt in” for further communication must be clear. I usually recommend a “double click” procedure by which the user must verify both consent to be contacted and that the giving of consent was not misunderstood or accidental.
There must be no ambiguity in the nature of this consent. Do not talk vaguely about some sort of future communication from unidentified persons. The consent must clearly verify the lead's willingness to have information passed on to “affiliated companies” and to have such companies contact them with product or service information tied to their specific interests. This is not a time to be “cute.” Be clear and explicit.
Any relationship with a lead company should be reflected in a written contract, carefully constructed to cover all of the relevant legal concerns. The contract should identify the relationship by which the home care company will purchase from the lead company information from leads who clearly gave their consent to be contacted. The lead company should verify it is following the necessary script and procedures to ensure proof and clarify such consent.
The HME company should have the clear right to audit the lead company's operations to verify compliance. The lead company should indemnify the HME company against any claims made under the argument that the lead did not give consent.
Also, the contract should allow the HME company to terminate the agreement immediately in the event of any failure to follow the protocols. All scripts used by the lead company should be shared with and approved by the HME company.
I expect that HME companies will continue to purchase leads for the indefinite future. They are a profitable investment and, when handled correctly, offer information and convenience to prospective customers. But the legal issues raised by careless lead generation relationships are real and substantial. Care and caution can yield big dividends without big risks.
SCRIPT DOs AND DON'Ts
Here are some examples of script language that address the legal concerns attendant to lead generations. They apply equally to telephone, mailing or Internet scripts.
-
Don't say “Please tell us what your needs are.” Say “Please tell us what information [or health care resources] you may want.”
-
Don't say “Do you or anyone in your household have diabetes?” Say “Are you or any of your friends or family interested in learning about supplies or resources for people with diabetes?”
-
Don't ask if anybody in the household needs equipment, has certain diseases, is covered by certain insurances, etc.
-
Don't inquire about problems requiring mobility devices or other equipment or services.
-
Don't inquire about prescription or other coverage.
-
Don't offer discounts or incentives if they “act now.”
-
Don't ask about family medical history.
-
I also suggest that, if the caller tries to discuss personal clinical or insurance information at any time during the lead-generating telephone call, the lead company should be instructed to alert the prospective customer that they are not allowed to discuss the medical details during this call. Rather, when they match the lead up with the HME company, at that point the customer will be able to share the medical information.
Read more from Neil Caesar in his Compliance University columns.
Neil B. Caesar is president of the Health Law Center (Neil B. Caesar Law Associates, PA), a national health law practice in Greenville,S.C., focusing on business opportunities and regulatory issues for health care providers. He is also a principal with Caesar Cohen Ltd., which offers compliance training, outsourcing and consulting, and author of the Home Care Compliance Answer Book series. You can reach him at ncaesar@healthlawcenter.com or 864/676-9075.
Materials in this article have been prepared by the Health Law Center for general informational purposes only. This information does not constitute legal advice. You should not act, or refrain from acting, based upon any information in this presentation. Neither our presentation of such information nor your receipt of it creates nor will create an attorney-client relationship.
