Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • New Apple Watch May Mark Time To Rethink HIPAA The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms. The U.S. Food & Drug Administration (FDA) recently approved these functions as Class II medical devices, which generally means that they have a high to moderate risk to the user. The FDA approval letters describe the Apple Watch Series 4 functions as intended for over-the-counter... More
  • Join Top Cybersecurity Pros at Fox’s Privacy Summit Registration to the Privacy Summit is open. Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders, experienced regulatory and compliance professionals and the Chief Division Counsel of the Minneapolis Division of the FBI. Attendees receive complimentary breakfast and lunch, and can take advantage of networking opportunities and informative panel sessions: GDPR and the California Consumer Privacy Act: Compliance in... More
  • New Jersey Law Mandates New Patient Disclosures Regarding Insurance The New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act takes effect today, August 30, 2018, and requires all licensed health care professionals in New Jersey (including physicians, nurse practitioners and physician assistants, among others) who bill health benefits plans issued or delivered in New Jersey to provide certain disclosures to patients enrolled in such Plans. The Act also contains additional obligations for physicians, including with respect to billing certain out-of-network services.  For more information regarding the Act’s impact on... More
  • Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s assets on behalf of its creditors.  This settlement has implications for both service providers and their covered entity clients.  Fox Rothschild partners Elizabeth Litten and Michael Kline were quoted in an article by Marla Durben Hirsch entitled “Be prepared for HIPAA Issues if a business associate shuts down” in the... More
  • Proposed Changes to the Medicare Physician Fee Schedule and Quality Payment Program in 2019 CMS recently issued its proposed changes to the 2019 Medicare Physician Fee Schedule, which include a controversial change to the reimbursement rates for Level 2-5 evaluation and management (E/M) services and some notable changes to the Quality Payment Program.  This post highlights some key aspects of the Proposed Rule that will affect medical practices. CMS views the Rule as one of “several proposed rules that reflect a broader Administration-wide strategy to create a healthcare system that results in better accessibility, quality,... More
  • The Heavy Hit of HIPAA: Violations May Send You to Jail The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a breach. In this case, perhaps the cover-up was worse than the crime, or maybe prosecutors decided that a conviction on other charges would have been harder to get. Either way, the case should alert covered entities and business associates to the fact that HIPAA violations can result... More
  • New VA MISSION Act Designed to Increase Veteran Access to Private Doctors This is the second installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   In response to the publicity... More
  • When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered entities and their business associates and subcontractors), GDPR applies much more generally – it applies to personal data itself. Granted, it doesn’t apply to personal data that has absolutely no nexus to the EU, but assuming it doesn’t apply to your U.S.-based entity simply because you don’t have... More
  • Small Doses: CMS Updates Reportable List of Adverse Actions This is the first installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   CMS recently updated its list... More
  • New “Medical Device Safety Action Plan” Intended to Modernize FDA’s Approach to Device Safety In April, the FDA released its “Medical Device Safety Action Plan,” a short to mid-term vision for increasing the safety of medical devices.  In it, the FDA acknowledges that enhancements and changes in its approach to device safety are necessary to ensure that it is “vigilant” in keeping up with the developments in the complexity and number of medical devices. Key to the FDA’s new approach is focusing on the “Total Product Life Cycle (TPLC)” of each type of medical device,... More
  • The Cost for a Copy of Medical Records? It May Depend Who’s Asking The Report to Congressional Committees of the U.S. Government Accountability Office (“GAO Report”), required under the 21st Century Cures Act, came out about a month earlier than required, but this early bird failed to catch what continues to be a wriggling worm – what can a covered entity charge for these copies? As discussed in our February 2017 blog post, the Office for Civil Rights issued guidance (“OCR Guidance”) over 2 years ago attempting to clarify that HIPAA charge limits (to... More
  • (Ride)Sharing is Caring The transportation landscape in America has evolved and these developments are now impacting health care. With about 75 percent of the U.S. population living in a county with access to an on-demand ride-hailing service, many patients are turning to ride-share services, like Uber and Lyft, as a means to obtain their medical care. The idea of partnering ride-sharing and health care is not new. Over the past few years, ride-sharing companies have been edging their way into the health care realm.... More
  • CMS Announces New Initiatives for Innovating Patient Care Last month, CMS Administrator Seema Verma announced several initiatives to innovate the delivery of patient care at the ground level.  In collaboration with the Trump Administration and other federal agencies, CMS is taking steps to implement a system in which patients have control of their electronic health information and can easily transfer it between health care providers.  This system, referred to as “MyHealthEData,” is also intended to allow both physician and patient to access the clinical and payment data required... More
  • When Data is Like Toothpaste In 1973, President Richard Nixon’s Chief of Staff H.R. Haldeman warned White House Counsel John Dean against talking to prosecutors investigating the growing Watergate scandal, telling him “Once the toothpaste is out of the tube, it’s going to be very hard to get it back in,” and a useful idiom was born. Personal electronic data, including protected health information, once disclosed, can be equally difficult to recapture and contain. A recent article in Slate entitled You Can’t Clean Up a Data... More
  • Not So Fast! HIPAA (Surprisingly) Doesn’t Apply to THAT! Many employers who have had it drilled into them that HIPAA applies to protected health information (PHI) of employees are often surprised to learn that the applicability of HIPAA to employee health information (EHI) is actually quite narrow.  HIPAA only applies to EHI related to the employer’s group health plans (such as medical, dental, employee assistance program (EAP) and health flexible spending arrangement (FSA)).  Employer-sponsored group health plans are HIPAA covered entities. Further, although this is true regardless of whether... More