Mid-Year Digital Health Report: Focus on Medicare - July 2018

by McDermott Will & Emery

McDermott Will & Emery

Where Things Stood

Understanding the impact of what we have seen so far this year first requires an understanding of where we were at the end of 2017, with respect to both Medicare reimbursement and provider adoption of telehealth solutions.

Hospitals and health systems have long understood that digital health technologies allow patients to be active participants in their health while also allowing health care providers to intervene before costs and complications escalate. At the close of 2017, direct-to-consumer telehealth companies had matured and were working closely with commercial payors to deliver telehealth services to plan beneficiaries. Reports on digital therapeutic tools, artificial intelligence applications and other digital health tools were in the media daily, and use cases continued to create evidence of both the efficacy and efficiency of digital health tools.

Under value-based reimbursement models, health care providers are penalized when patient care, particularly for chronic conditions, is not effectively managed. In order to manage the population now considered within their scope of care, and in anticipation of the rising care needs of the retiring baby boomer population, in 2017 providers were actively leveraging tools to help them succeed. In fact, a 2017 study reported that 73 percent of health care organizations use technology for monitoring and maintenance, with the most common use being patient monitoring at 64 percent.

Provider action tends to follow reimbursement dollars, however, and while Medicare has reimbursed for telehealth services for many years, the rules and restrictions associated with telehealth reimbursement have resulted in very limited utilization and actual Medicare reimbursement.

Prior to 2018, Medicare covered only real-time, audiovisual consultations with patients for a limited number of Medicare Part B services, and only when certain geographic, provider type and facility type criteria were met, with the exception of federal demonstration programs.  The biggest challenge was that reimbursement could only occur when the originating site (i.e., the patient’s location) was located either in a federal demonstration program, a rural Health Professional Shortage Area or a county outside of any Metropolitan Statistical Area, as defined by the Health Resources and Services Administration and the US Census Bureau.  This geographic restriction limited Medicare reimbursement to services provided to patients of health care facilities located in rural areas, and prevented reimbursement of services to patients outside of a medical facility (e.g., at home or at a workplace) or located in urban areas.  The restriction also undermined the broader implementation of telehealth programs because health systems could only develop programs for these specific use cases.

Indeed, the diversity of telehealth and digital health solutions continues to be one of the most difficult practical challenges associated with broad adoption. So while there is a patient care incentive to utilize digital health tools, there has been very little Medicare reimbursement incentive to provide services using digital health solutions—until now.

2018 and Beyond: A New Era?

In 2018 Medicare reimbursement has undergone massive expansion through a series of rules and laws, including a proposed rule promulgated in July 2018.

Unbundling of CPT Code 99091

CMS took a major step towards aligning patient care expectations with provider reimbursement in the revisions to the Physician Fee Schedule and Other Revisions to Part B for CY 2018; Medicare Shared Savings Program Requirements; and Medicare Diabetes Prevention Program Final Rule (published on November 15, 2017) (Final Rule).  The Final Rule began taking effect January 1, 2018.

Of particular note, CMS unbundled CPT code 99091, which allows providers to bill for remote patient monitoring (RPM), fundamentally changing the scope of Medicare reimbursement for remote care. As the Connected Health Initiative stated, “[u]ntil now, connected health technologies have been effectively locked out of the most important part of America’s healthcare system, Medicare and Medicaid.” With this change, CMS not only provided an added incentive for providers to take advantage of digital health tools to benefit patients, but improved the business case for providers who have already invested in those tools to leverage them for patient care via RPM.

Prior to the adoption of the Final Rule, CMS rules prohibited billing certain remote care tasks for a patient during the same service period as many of the treatments that commonly use RPM services. Specifically, this category includes chronic care management (CCM) codes 99487, 99489 and 99490 (which include management of cardiovascular disease, chronic obstructive pulmonary disease (COPD), diabetes and hypertension, among others); transitional care management (TCM) codes 99495 and 99469 (which include services for the time between a patient’s discharge from the hospital, rehab, nursing or similar facility and the patient’s return home or admission to an assisted living facility); and general behavioral health integration (BHI) code 99484.  Thus, if a provider used RPM for a patient with COPD receiving services billable under any of the above CCM codes, then the provider would receive no reimbursement for the RPM services. However, with the adoption of the Final Rule, RPM services that are billable under 99091 can be billed once during the same 30-day service period as any CCM,  TCM or BHI  codes discussed.

The Final Rule states that CPT code 99091 is for “collection and interpretation of physiologic data (e.g., ECG, blood pressure, glucose monitoring) digitally stored and/or transmitted by the patient and/or caregiver to the physician or other qualified health care professional, qualified by education, training, licensure/regulation (when applicable) requiring a minimum of 30 minutes of time.” Providers can use the code for time spent accessing data, reviewing or interpreting the data, and making any necessary modifications to the care plan that result, including communication with the patient and caregiver and any associated documentation.

CPT code 99091 is payable in both facility and non-facility settings, but there are other specific eligibility requirements. In addition to the requirement that the code be billed once per 30-day service period per patient, the provider must obtain advance beneficiary consent for the service and document the consent in the patient medical record. For new patients or patients who have not been seen by the billing provider within one year, the provider and patient must also have a face-to-face consultation. The unbundled code is applicable to physicians, physician assistants, nurse practitioners, certified nurse midwives, clinical nurse specialists and their teams. The services are ineligible if provided via subcontractor, however, which has discouraged collaborations between health care providers and RPM technology companies that desire to offer remote monitoring services. While providers can take advantage of digital health tools to support their RPM services, the analytic tasks must be provided by the clinical care team. Comments submitted to CMS expressed concern that the current code may not optimally describe the services furnished using current technology. However, CMS indicated that the unbundling of 99091 is an interim measure for reimbursement of RPM services while new, more specific RPM codes are developed. As CMS stated, “separate payment for this code will not mitigate the need for coding revisions.”

Other Notable 2018 Fee Schedule Final Rule Changes

In addition to unbundling code 99091, the Final Rule also expands allowable telehealth reimbursement and permits virtual sessions in certain circumstances under the Medicare Diabetes Prevention Program Expanded Model (MDPP), as we reported here.

New and add-on services

CMS evaluates requests for the addition of telehealth services on the basis of two categories: (1) services that are similar to services already on the list, and (2) services that are not similar to services already on the list. An evaluation of a category 2 service requires CMS to assess, based on the submission of evidence, whether the use of a telecommunications system to furnish the service “produces demonstrated clinical benefit to the patient.”

Upon review of several public requests, CMS determined that the following services met the category 1 requirement:

  • Healthcare Common Procedure Coding System (HCPCS) code G0296 – counseling visit to discuss the need for lung cancer screening
  • Current Procedural Technology (CPT) codes 90839 and 90840 – psychotherapy for crisis

Payment for these services is conditioned upon the distant site practitioner having the ability to mobilize originating site resources to diffuse a crisis and restore safety, when applicable.

The following four add-on (category 2) CPT and HCPCS codes were also added:

  • CPT code 90785 – interactive complexity
  • CPT codes 96160 and 96161 – administration of patient-focused health risk assessment instrument, and administration of caregiver-focused health risk assessment instrument
  • HCPCS code G0506 – comprehensive assessment or/and care planning for patients requiring CCM services

In instances where CMS is unable to confirm whether all components of a service may be performed via telehealth, an explicit condition of payment may be added alongside the code to ensure that all CPT (or other) prefatory requirements are met.

Medicare diabetes prevention program virtual sessions

MDPP is a “structured behavior change intervention” designed to prevent type 2 diabetes among Medicare beneficiaries with an indication of prediabetes. MDPP consists of 16 sessions that integrate a Centers for Disease Control and Prevention-approved curriculum in an in-person, “group-based, classroom-style setting.” The curriculum provides practical training in dietary changes, increased physical activity and strategies to control weight. Under the Final Rule, MDPP beneficiaries may make up a limited number of sessions “virtually” at the request of the individual beneficiary. The virtual sessions may include furnishing behavioral change programs online (e.g., via a connected smart phone, tablet, computer, laptop); furnishing coaching programs online with other means of support by the coach (e.g., via telecommunications, video conferencing); or distance learning that does not require online connectivity (e.g., via phone). The sessions will be billed using a modifier for CMS’s tracking purposes. MDPP services that are exclusively furnished virtually or using remote technologies (without in-person attendance) will not be reimbursed.

2018 Quality Payment Program Final Rule

In tandem with the Final Rule, CMS released the 2018 Quality Payment Program Final Rule. Physicians and other eligible practitioners who participate in the Merit-Based Incentive Payment System must attest to their participation in two “High” weighted activities and four “Medium” weighted activities, or a combination, to obtain the maximum performance score. By changing the classification of the Improvement Activity Performance Category called “Engage Patients and Families to Guide Improvement in the System of Care” from Medium to High, CMS incentivized providers to use RPM technologies that provide real-time feedback to patients and their care team. The updates require providers to leverage platforms and devices using an active feedback loop to provide real-time, or near real-time, patient-generated health data to the care team or clinically endorsed feedback from the provider to patients.

In combination with the Fee Schedule changes, including changes to CPT code 99091, this change further demonstrates that CMS is getting behind digital health initiatives in a real way.

The Bipartisan Budget Act of 2018

The Bipartisan Budget Act of 2018 passed in February includes significant expansion of direct reimbursement for telehealth services by incorporating provisions of the CHRONIC Care Act, which had, in different forms, passed both houses of Congress in 2016. These provisions represent the first significant legal expansion of Medicare reimbursement of telehealth services since Medicare first started to reimburse telehealth services.

Expanded access to telehealth stroke services

Beginning in 2019, Medicare will reimburse telehealth consultations with neurologists with respect to patients presenting with stroke symptoms at hospitals or mobile stroke units. The provision eliminates the current geographic restriction that limits originating sites to rural areas. This allows distant site providers delivering telestroke services to receive a professional fee for delivering the consultation to patients located anywhere in the United States, provided that the other Medicare telehealth coverage requirements are satisfied (e.g., type of provider, type of technology).

Expanded telehealth services for chronically ill Medicare Advantage enrollees

Beginning in plan year 2020, Medicare Advantage (MA) plans can offer expanded telehealth services as a basic benefit to chronically ill enrollees. MA enrollees would have the option to receive these additional benefits through telehealth or in person. However, a plan that fails to provide in-person access to a certain type of physician specialist cannot meet network adequacy requirements by providing solely telehealth access to such providers. HHS is required to solicit public comment before November 30, 2018, with respect to the types of telehealth services that should be considered and the requirements for providing those services.

Expanded telehealth opportunities for Accountable Care Organizations (ACOS)

Beginning in 2020, certain ACOs will have an increased opportunity to provide Medicare reimbursable telehealth services with the removal various barriers. The changes allow a beneficiary’s home to qualify as an originating site, and eliminate the geographic component of the originating site requirement. Not surprisingly, the provision eliminates the originating site fee if the service is furnished in the patient’s home. This additional telehealth flexibility is available for Next Generation ACOs and for additional ACOs, including MSSP Track II (if the ACO remains at two-sided risk and chooses prospective assignment), MSSP Track III, and two-sided risk ACO models with prospective assignment tested or expanded through the Innovation Center.

The Secretary was asked to study the implementation of this provision and report to Congress before January 1, 2026 with an analysis of the utilization of and expenditures for telehealth services under this section and recommendations for any appropriate legislation and administrative action.

CMS Proposed Rule (Physician Fee Schedule) Released July 12, 2018

CMS’s Notice of Proposed Rulemaking, Revisions to Payment Policies under the Physician Fee Schedule and Other Revisions to Part B for CY 2019 (Proposed Rule) would expand reimbursement for physicians and other qualified health care providers under a variety of specific circumstances. Comments on the Proposed Rule may be submitted until September 10, 2018.

Brief (5–10 minute) virtual visits by qualified providers with existing patients

The Proposed Rule would reimburse virtual care services between visits to determine whether a patient’s condition requires an office visit. Reimbursement for virtual visits would be billed using HCPCS code GVCI1 at a rate of $14 per visit, which is much lower than the cost of an E/M visit, and would be available only with respect to existing patients of the practitioner. This change could potentially result in cost savings to Medicare if it effectively reduces unnecessary office visits by allowing providers to use technology to communicate with their patients to assess their patients’ needs (in a rather common-sense way). Currently, CMS does not separately cover these types of check-ins between providers and patients, but dedicated providers across the country have offered this type of assistance regardless.

If the virtual care service originates from a related E/M service delivered at some point within the prior seven days, the virtual care service would not be separately reimbursable, as the follow-up visit would be “bundled” into the Medicare payment for the previous E/M service. Similarly, if the virtual care service leads to an E/M service with the same physician, the virtual care service would be “bundled” into that E/M service and would not be separately reimbursable.

CMS believes that this approach could be beneficial in a variety of ways. For example, it notes that this could assist in the treatment of opioid use disorders and other substance use disorders “since there are several components of Medication Assisted Therapy (MAT) that could be done virtually, or to assess whether the patient’s condition requires an office visit.” At the same time, CMS recognizes that it may need to address a few concerns. Specifically, CMS is seeking comments on whether a frequency limitation should be imposed and also what sort of documentation regarding medical necessity would be appropriate, among other things.

Review of patient images or video (store and forward)

The Proposed Rule provided that HCPCS GRAS1 code (Remote Evaluation of Pre-Recorded Patient Information) be used for reimbursement for reviewing “recorded video and/or images captured by a patient in order to evaluate the patient’s condition” and to determine whether the patient requires an in-person office visit. This proposed change would apply to all providers, which would be significant given that “store and forward” telehealth services are currently only reimbursed by Medicare in very limited circumstances.

As with the virtual visits described above, this service would not be separately reimbursable if it results from an E/M service provided within seven days prior, or leads to E/M services. CMS is seeking comment on whether this service should be limited to existing patients “or whether there are certain cases, like dermatological or ophthalmological services, where it might be appropriate for a new patient to receive these services.”

Provider-to-provider consultations

Codes 994X6, 994X0, 99446, 99447, 99448 and 94449 may be used to reimburse provider-to-provider consults in the context of care management or care coordination activities. These codes may be used for “assessment and management services conducted through telephone, internet, or electronic health record consultations furnished when a patient’s treating physician or other qualified healthcare professional requests the opinion and/or treatment advice of a consulting physician or qualified healthcare professional with specific specialty expertise to assist with the diagnosis and/or management of the patient’s problem without the need for the patient’s face-to-face contact with the consulting physician or qualified healthcare professional.”

This expansion of reimbursement (away from a service that would otherwise be bundled through face-to-face encounters) is derived from CMS’s recognition that current coding does not accurately reflect trends in medical practice. Specifically, CMS believes that “making separate payment for interprofessional consultations undertaken for the benefit of treating a patient will contribute to payment accuracy for primary care and care management services.” Nonetheless, CMS is concerned about program integrity and is seeking comments on how CMS might be able to evaluate whether the services are reasonable and necessary under the circumstances.


Crucially, CMS is cognizant of the impacts these changes may have on Medicare cost with respect to utilization and avoidable utilization of other services. Its analysis is that because reimbursement is generally low for these services, utilization will be fairly low, but could increase to upwards of 19 million visits per year. CMS also expects that the number of additional services resulting from these new services will outweigh avoided utilization. Accordingly, CMS expects that the financial impact of paying for the communication-technology-based services will be an increase in Medicare costs. Unfortunately, this does not bode well for reimbursement generally: “In order to maintain budget neutrality in setting proposed rates for CY 2019, we assumed the number of services that would result in a 0.2 percent reduction in the proposed conversion factor.”

CMS Proposed Rule (Home Health) Released July 2, 2018

In an effort to encourage more home health agencies (HHAs) to adopt RPM, the CMS Proposed Changes to the Home Health Prospective Payment System released July 2, 2018, propose the inclusion of RPM costs on the HHA cost report as an allowable cost. Allowing HHAs to report the costs of RPM on the HHA cost report as part of their operating expenses means these costs would then be factored into the costs per visit, which has important implications for purposes of assessing HHA costs relevant to payment, including HHA Medicare margin calculations. CMS is soliciting comments on the proposed definition of remote patient monitoring under the Home Health Agency Prospective Payment System to describe the telecommunication services that are used by HHAs to augment the patient’s plan of care during a home health episode. In addition, CMS has requested comments regarding additional opportunities to use telehealth technologies for consideration in future rulemaking, which further evidences CMS attention to how telehealth can improve the delivery of home health services.

CMS Proposed Rule (Outpatient Hospital Services) Released July 25, 2018

In the CMS Proposed Changes to Hospital Outpatient Prospective Payment and Ambulatory Surgical Center Payment Systems and Quality Reporting Programs released on July 25, 2018, CMS has asked members of the public to submit their ideas on ways to promote the interoperability and electronic information exchange, and potential revisions to CMS patient health and safety requirements for hospitals and other Medicare- and Medicaid-participating providers and suppliers “to fully understand all of these health IT interoperability issues, initiatives, and innovations through the lens of its regulatory authority.” CMS is “particularly interested in identifying fundamental barriers to interoperability and health information exchange, including those specific barriers that prevent patients from being able to access and control their medical records.”

Don't Get Too Excited

Reimbursement for services delivered via digital health solutions should continue to improve beyond 2018, based on Congress’ and CMS’s desire to identify additional appropriate uses of telehealth and to reevaluate the current Medicare coverage requirements, CMS’s recent expansions of and proposed changes to the list of covered services, and the fact that Medicare and Medicaid payments for telehealth services are at an all-time high. However, this must be understood in context.

First, it is important to note that although Congress has significantly improved the financial environment for telehealth through the Bipartisan Budget Act, it has not altered in any fundamental way the very restrictive structure for telehealth reimbursement. With the exception of broadening the flexibility for MA Plans, the Bipartisan Budget Act essentially creates very specific exceptions to that structure by waiving certain, but not all, of its requirements, and then only under specific circumstances. This seems to be consistent with the approach suggested by the Medicare Payment Advisory Commission in its report to Congress on telehealth issued as required by the 21st Century Cures Act: “[P]olicymakers should take a measured approach to further incorporating telehealth into Medicare by evaluating individual telehealth services to assess their capacity to address the Commission’s three principles of cost reduction, access expansion, and quality improvement.” Accordingly, we should not expect significant or unbridled congressional efforts to expand telehealth coverage under Medicare.

Second, as demonstrated by the reference to a likely fee schedule offset in the Proposed Rule, we should recognize that even though CMS is interested in expanding telehealth reimbursement, it remains focused on the bottom line of Medicare reimbursement as a whole. Accordingly, while digital health reimbursement expansion may be more likely in the future, broad support for these efforts may be tempered by the possibility of financial offset in other reimbursement areas.

Finally, the OIG’s addition of Medicaid and Medicare telehealth payment audits to the 2018 Work Plan and recent reports indicating high billing errors demand that telehealth providers fully understand and develop procedures for complying with the associated regulatory and compliance requirements in advance. One key step in this process requires that providers review and update their corporate compliance programs—particularly billing, coding and documentation policies—to confirm that the provider and any partners properly bill for services, and that the compliance program effectively prevents, identifies and offers pathways for addressing billing compliance issues. With the changes in 2018, this task has simply gotten harder.

Although these comments may reflect a tempering of expectations and a word of caution relative to enforcement, they are also indicative of a very positive trend for telehealth. The Medicare reimbursement regime’s efforts to expand reimbursement for certain telehealth services, focus on its role within larger policy goals and concerns related to fraud also reflect the government’s perspective that these services are no longer a novelty and deserve attention.

The authors would like to acknowledge and thank Karen S. Sealander, Shelby Buettner and McDermott Summer Associate Emily Edwards for their contributions to this article.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McDermott Will & Emery | Attorney Advertising

Written by:

McDermott Will & Emery

McDermott Will & Emery on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.