Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Effect of the Sessions Memorandum on State Medical Marijuana Programs Earlier this month, Attorney General Jeff Sessions issued a Memorandum rescinding the Obama Administration’s “hands off” policy with respect to the prosecution of licensed cannabis distribution in states where medical or recreational marijuana are legalized.  Our sister blog, “In the Weeds” has covered the issuance of this new Memorandum extensively, including how it may affect state medical marijuana programs around the country. So far, U.S. Attorneys in many of the states that have legalized medical marijuana (including Pennsylvania) have made public... More
  • The President Can Tweet, But Can a Doctor Text? Text messaging is a convenient way for busy doctors to communicate, but for years, the question has remained: are doctors allowed to convey sensitive health information with other members of their provider team over SMS? The answer is now “yes,” thanks to a memo published last week by the U.S. Department of Health & Human Services (HHS), Centers for Medicare & Medicaid Services (CMS).   The memo clarifies that “texting patient information among members of the health care team is permissible... More
  • HIPAA Updates – Mistakes to Avoid in 2018 and Guidance on Disclosing PHI related to Substance Abuse and Mental Illness Fox Rothschild’s HIPAA & Heath Information Technology Blog recently published two posts directly relevant to physicians and medical practices.  The first post, 5 Common HIPAA Mistakes to Avoid in 2018, addresses some typical misconceptions regarding disclosure of protected health information (PHI) and offers some ideas regarding how to avoid them. The second post, New HIPAA Guidance on Disclosure of PHI related to Opioid Abuse and Mental Health, touches on the most recent HIPAA guidance released by the U.S. Department of Health and Human Services,... More
  • New HIPAA Guidance on Disclosure of PHI Related to Opioid Abuse and Mental Health In our most recent post, the Top 5 Common HIPAA Mistakes to Avoid in 2018, we noted that the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has recently published guidance on disclosing protected health information (PHI) related to overdose victims. OCR published this and other guidance within the last two months in response to the Opioid Crisis gripping the nation and confusion regarding when and to whom PHI of patient’s suffering from addiction or mental... More
  • Top 5 Common HIPAA Mistakes to Avoid in 2018 Heading into its 22nd year, HIPAA continues to be misunderstood and misapplied by many, including health care industry professionals who strive for (or at least claim the mantle of) HIPAA compliance. Here is my “top 5” list of the most frequent, and most frustrating, HIPAA misperceptions seen during 2017: “If I’m using or disclosing protected health information (PHI) for health care operations purposes, I don’t need a Business Associate Agreement.” Yes, HIPAA allows PHI to be used or disclosed for treatment, payment and... More
  • Florida Supreme Court Rules That Privacy Continues After Death On November 9, the Florida Supreme Court ruled in the case of Emma Gayle Weaver, etc. v. Stephen C. Myers, M.D., et al., that the right to privacy under the Florida Constitution does not end upon an individual’s death. Fox partner and HIPAA Privacy & Security Officer Elizabeth Litten recently reacted to the decision in an article in Data Guidance. She noted the decision’s compatibility with HIPAA regulations concerning the protected health information of a deceased patient. She also discussed... More
  • CMS Provides Advice on Electronic Laboratory Alerts CMS recently issued an Advisory Opinion suggesting that physicians who refer diagnostic tests reimbursable under Medicare to a laboratory may, under certain circumstances, receive electronic pop-up notifications in the laboratory’s web-based portal alerting the physicians to various potential issues related to the test results.  In the Advisory Opinion, CMS considered certain alerts which a laboratory proposed to provide to its referring physicians without charge via the laboratory’s web-based portal.  The entire Advisory Opinion can be read here. In short, CMS concluded... More
  • “Getting Receipts” – The Millennial Disconnect Between Short-Term Social Media Posts and HIPAA Long gone are the days when social media consisted solely of Myspace and Facebook, accessible only by logging in through a desktop computer at home or personal laptop. With every single social media platform readily available on personal cellular devices, HIPAA violations through social media outlets are becoming a frequent problem for healthcare providers and individual employees alike. In fact, social media platforms like Snapchat® and Instagram® that offer users the opportunity to post “stories” or send their friends temporary... More
  • MACRA Update: Attestation Regarding Your EHR System [For more information on CMS’s new Quality Payment Program and what physicians need to report in 2017, please see our prior blog posts here and here.] CMS recently issued guidance (accessible here) on the three-part “Prevention of Information Blocking” attestation which physicians and other eligible clinicians will need to submit to CMS in order to qualify for points under the “Advancing Care Information” category of the Merit-based Incentive Payment System (MIPS). Although making this attestation and reporting to CMS regarding use of... More
  • Proposed New Jersey Regulation would Restrict Pharma Gifts to Prescribers Gov. Christie’s Administration recently proposed a regulation to curtail the prescription of unnecessary opioid painkillers.  Christie, who serves as the Chairman of President Trump’s Commission on Combating Drug Addiction and the Opioid Crisis, expressed concern that treatment decisions of all prescribers (including physicians, dentists and advanced practice nurses) are being improperly influenced by pharmaceutical companies.  According to Christie’s press release, four out of every five new heroin users began by misusing prescription painkillers, and, in 2016, $69 million was paid... More
  • Equifax Breach Checker – Curiosity May Have a Cost (But it’s Refundable) Individuals who have received notice of a HIPAA breach are often offered free credit monitoring services for some period of time, particularly if the protected health information involved included social security numbers.  I have not (yet) received such a notice, but was concerned when I learned about the massive Equifax breach (see here to view a post on this topic on our Privacy Compliance and Data Security blog). The Federal Trade Commission’s Consumer Information page sums it up well: If you have... More
  • Electronic Health Records and HIPAA Security: A Design Problem Fixable With Blockchain Technology?   In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual access to health information), but privacy and security were practically after-thoughts when HIPAA was enacted back in 1996. HIPAA (the Health Information Portability and Accountability Act) was originally described as an act: To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance... More
  • Pennsylvania Begins Physician Registration for Medical Marijuana As first reported on our sister blog, “In the Weeds” (post accessible here), on July 26, 2017, the Pennsylvania Department of Health opened its Medical Marijuana Practitioner Registry.  Physicians licensed in the Commonwealth of Pennsylvania may now apply online to register to certify the use of medical marijuana for their patients.  The online application may be completed here. Copyright: megaflopp / 123RF Stock Photo The Practitioner Registry will be publicly searchable and will include each practitioner’s name, business address, and medical credentials.  As noted in one of... More
  • Ten Tips for Actions by a Covered Entity after a HIPAA Breach by a Business Associate   This blog recently discussed tips for a covered entity (CE) in dealing with a HIPAA business associate (BA). Now, even though you have adopted all of the tips and more, in this dangerous and ever more complex data security world, one of your BAs suffers a breach and it becomes your responsibility as the victim CE to respond. What should you do? Our partner Elizabeth Litten and I discussed aspects of this issue with our good friend Marla Durben Hirsch who... More
  • CMS Predicts that Physicians participating in Advanced APMs in 2017 will receive a 5% Incentive Payment in 2019 Under CMS’s new Quality Payment Program, which will adjust Medicare Part B payments starting in 2019 based on data from this year, physicians and other eligible clinicians must qualify for one of two payment “tracks”, either the Merit-Based Incentive System (MIPS) or the Advanced Alternative Payment Model (Advanced APM) track.   A physician who qualifies under the MIPS in 2017 can earn up to a 4% payment adjustment to Medicare Part B payments in 2019.  Physicians who qualify under the Advanced APM track... More