Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information on current legal and practical issues that health care providers and businesses must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards that must be complied with when using EHR, as well as when sharing and exchanging health information in general. This blog also considers possible solutions for navigating the legal and other barriers to establishing EHR systems and infrastructure for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Physician Investment in Grower-Processors and Dispensaries of Medical Marijuana in Pennsylvania
    Until March 20, 2017, the Pennsylvania Department of Health (the “DOH”) will be accepting applications from companies seeking permits as Grower/Processors and/or Dispensaries of medical marijuana in Pennsylvania. Among other things, these applications require that the applicant raise substantial funding. To do so, certain applicants have been seeking investment from physicians. If you receive such a request, we encourage you to consult with a knowledgeable attorney before contributing funds to or agreeing to purchase securities in such a company. It is important...
  • Where’s Your Wallet? The Ongoing Saga of FTC v. LabMD (Part 2 of 2)
    It was the wallet comment in the response brief filed by the Federal Trade Commission (FTC) in the U.S. Court of Appeals for the 11th Circuit that prompted me to write this post. In its February 9, 2017 filing, the FTC argues that the likelihood of harm to individuals (patients who used LabMD’s laboratory testing services) whose information was exposed by LabMD roughly a decade ago is high because the “file was exposed to millions of users who easily could...
  • Charges for Copies of Medical Records may Violate HIPAA, Despite Compliance with State Law
    A patient requests a copy of her medical record, and the hospital charges the per-page amount permitted under state law. Does this violate HIPAA? It may. In the spring of 2016, the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services, the agency that enforces HIPAA, issued a new guidance document on individuals’ right to access their health information under HIPAA (“Access Guidance”). The Access Guidance reminds covered entities that state laws that provide individuals with...
  • Health Law Alert – Medicare Quality Payment Program
    We recently issued a Health Law Alert on the Medicare Quality Payment Program, focusing specifically on what physicians and their medical practices need to know to be in compliance with the Program in 2017. The Alert may be accessed at this link: Fox Rothschild Health Law Alert – Medicare Quality Payment Program. You may also view some of our recent posts on the Physician Law Blog for more information on the Medicare Quality Payment Program. In short, compliance with the Program in 2017 can...
  • Will the New Administration Trump Efforts to Forecast 2017 Healthcare Trends?
    As she has done in January for several years, our good friend Marla Durben Hirsch quoted my partner Elizabeth Litten and me in Medical Practice Compliance Alert in her article entitled “MIPS, OSHA, other compliance trends likely to affect you in 2017.” For her article, Marla asked various health law professionals to make predictions on diverse healthcare matters including HIPAA and enforcement activities. Full text can be found in the January 2017 issue, but excerpts are included below. Marla also wrote...
  • From the Wild West to Westworld and (Maybe) Back to Normal – the Ongoing Saga of LabMD (Part 1 of 2)
    It was nearly three years ago that I first blogged about the Federal Trade Commission’s “Wild West” data breach enforcement action brought against now-defunct medical testing company LabMD. Back then, I was simply astounded that a federal agency (the FTC) with seemingly broad and vague standards pertaining generally to “unfair” practices of a business entity would belligerently gallop onto the scene and allege non-compliance by a company specifically subject by statute to regulation by another federal agency. The other agency,...
  • 21st Century Cure for a “Broken” Mental Health System Includes HIPAA Clarification
    U.S. Representative Tim Murphy (R-PA) has been a vocal advocate for mental health reform for a number of years. Part of his crusade is driven by his concern that the HIPAA privacy rule “routinely interferes with the timely and continuous flow of health information between health care providers, patients, and families, thereby impeding patient care, and in some cases, public safety.” Congressman Murphy’s efforts have resulted in the inclusion in the recently-passed 21st Century Cures Act of a provision entitled...
  • Are You Ready for the New Medicare Quality Payment Program? (Part 2): Basics of the MIPS and How to Qualify in 2017
    The Medicare incentive programs with which you and your medical practice are familiar will soon be no more. As of January 1, 2017, these programs (including the Electronic Health Records (EHR) Meaningful Use Incentive Program, the Physician Quality Reporting System (PQRS), and the Physician Value-Based Modifier Program) will morph into the new Medicare Quality Payment Program (QPP). The QPP will also include a fourth category of incentives entitled “Clinical Practice Improvement Activities”, which we discuss in more detail below. The purpose...
  • Foreshadowing HIPAA Under the New Administration: Will Transparency Trump Privacy?
    It may not come as a surprise that Congressman Tom Price, MD (R-GA), a vocal critic of the Affordable Care Act who introduced legislation to replace it last spring, was selected to serve as Secretary of the U.S. Department of Health and Human Services (HHS) in the Trump administration. What may come as a bit of a surprise is how Price’s proposed replacement bill appears to favor transparency over individual privacy when it comes to certain health care claim information. Section...
  • Office of Inspector General Work Plan Identifies Compliance Areas of Focus for Physicians
    Earlier this month, the Office of Inspector General of the Department of Health and Human Services (“OIG”), the agency charged with enforcement of key federal fraud and abuse laws, published its annual Work Plan identifying the areas of compliance concern under the Medicare program on which it will focus its review efforts in the coming year. While the Work Plan does not provide much detail in terms of why particular areas have been identified for review, it can serve as...
  • OCR Alert – HIPAA Audit Email Phishing Scam
    The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued an alert on November 28, 2016, regarding an email purporting to be from OCR. This phishing email can look like an official government email which may use fake HHS letterhead and may even appear to be signed by OCR’s Director, Jocelyn Samuels. OCR says: The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a...
  • Bubble Guppies and PHI: Tips for Telecommuting Policies
    Federal enforcement agencies are increasingly focusing on HIPAA breaches which involve mishandling of PHI by telecommuters. Two recent cases illustrate the liability exposure resulting from inadequate oversight of staff working remotely. Medical equipment supplier Lincare was fined $239,800 as a result of a breach which occurred when an employee left unprotected PHI in a car in the possession of her estranged husband. An Administrative Law Judge upheld the penalty, noting that Lincare did not have policies in place requiring employees to...
  • Are You Ready for the New Medicare Quality Payment Program? (New Blog Series)
    You may have heard that a transformation of Medicare’s physician payment program is in the works. However, you may not know that the structure of the new program, called the “Quality Payment Program”, has been finalized and will begin its first reporting year on January 1, 2017. Now is the time for you and your practice to get up to speed on the new Quality Payment Program. This post is the first in a new Blog Series that we will be publishing...
  • OIG Okays Free Vaccine Dispensing System for Physician Office Use
    The Office of Inspector General (“OIG”) of the Department of Health and Human Services, generally, would have concerns about a potential or existing referral source receiving free goods or services, since these free goods and services could be used to provide unlawful payments for the referral of Federal health care program business. However, under Advisory Opinion 16-09, the OIG decided not to pursue sanctions against a company that provides computerized point-of-care storage and dispensing systems for vaccines (the “Dispensing System”)...
  • The Blindfolded Business Associate: New HHS Guidance on HIPAA & Cloud Computing
    According to the latest HIPAA-related guidance (Guidance) published by the U.S. Department of Health and Human Services (HHS), a cloud service provider (CSP) maintaining a client’s protected health information (PHI) is a business associate even when the CSP can’t access or view the PHI. In other words, even where the PHI is encrypted and the CSP lacks the decryption key, the CSP is a business associate because it maintains the PHI and, therefore, has HIPAA-related obligations with respect to the...