Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • HIPAA Right to Access Initiative Targets Psychiatric/Mental Health Providers Mental Health/substance abuse providers and providers treating HIV/AIDS patients are held to a higher standard when it comes to protecting medical records, requiring additional levels of consent and analysis prior to productions. However, recent settlements published by the Office of Civil Rights of the Department of Health and Human Services (OCR) on September 15, 2020 remind all providers that patients and their authorized representatives have a right to access their records. Right to Access Initiative: In 2019 OCR launched the Right to... More
  • Federal Court Holding Reminds Providers to Address Gender Identity Discrimination in Workplace In 2016, the Obama Administration issued a regulation implementing Section 1557 of the Affordable Care Act (ACA) (the 2016 Rule), which redefined sex discrimination to include termination of pregnancy and gender identity. Despite efforts by the U.S. Department of Health and Human Services (HHS) to repeal and revise certain provisions of the 2016 Rule through a new Rule, a ... Continue Reading ... More
  • New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their business associates).  I wrote about this at the time, highlighting the “maybe”:  whether a health app is acting as a business associate and subject to... More
  • Updated OCR Guidance on Contacting Recovered COVID-19 Patients The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination. The OCR has now updated the guidance (“Guidance”) to clarify that health plans may also use or disclose PHI  for purposes of contacting individuals who have recovered from... More
  • “I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights A patient asks her doctor to send her test results to an app the patient has downloaded on her phone.   The doctor worries that the app is not secure and that the patient might not understand the security risks.  What should the doctor do? Covered entity health care providers and their business associates likely need to update their HIPAA Access Rights Policies and Procedures to address this scenario.  Rules recently adopted by Office of the National Coordinator (ONC) to implement certain... More
  • FDA Warns Consumers and Health Care Professionals Not to Use Certain Hand Sanitizer Products The U.S. Food and Drug Administration (FDA) issued a flurry of Press Releases and Alerts from mid-June through the end of July warning consumers and health care professionals not to use certain alcohol-based hand sanitizers due to the dangerous presence of methanol (or wood alcohol), a substance often used to create fuel and antifreeze that can be toxic when absorbed ... Continue Reading ... More
  • Have You Updated Your Corporate Compliance Program Lately? New guidance issued by the U.S. Department of Justice (DOJ) highlights the importance of updating corporate compliance programs to satisfy regulatory requirements.  The 2020 updates pick up where the 2019 guidance left off in addressing the evaluation metrics for compliance.  The key takeaway for 2020 is that companies are encouraged to update and improve compliance programs with the latest in ... Continue Reading ... More
  • Dentists Can Apply for CARES Provider Relief Funds through August 3, 2020 Dentists are now able to receive funds from the U.S. Department of Health and Human Services’ Provider Relief Fund, as a result of the American Dental Association’s advocacy. In a press release dated July 17, 2020, the U.S. Department of Health and Human Services (HHS) extended the deadline to apply for the funds to August 3, 2020, “to ensure ... Continue Reading ... More
  • Costs for COVID Tests – The Buck Stops Where? Widespread testing for the novel Coronavirus is generally recognized as an important tool in combating the spread of the virus. The World Health Organization is an advocate for broad testing, so as to better locate incidents of infection for purposes of isolation, caring, and tracking. However, the cumulative cost for such testing is significant. In a study commissioned by the ... Continue Reading ... More
  • THE ABC’S OF THE S.I.U.: What Providers Need to Know Medical record requests by payors are commonplace for health care providers. Typically, these requests are received by a front desk employee who responds to the inquiry in short order.  Yet, not all requests should be treated the same.  When a request for documentation is propounded by the “Special Investigation Unit” (S.I.U.)  of an insurance company, special care should be exercised ... Continue Reading ... More
  • Employer Collection of COVID-19 Data and Employee Privacy The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here. OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department of Health and Human Services’ existing Guidance on Preparing Workplaces for COVID-19 and the White House’s Guidelines for Opening up America Again. Additionally, employers should continue to monitor state and local guidelines for... More
  • PA Health Care Practices and Facilities Should Modify Their COVID-19 Policies for New Travel Quarantine On July 1, 2020, the Pennsylvania Department of Health and Gov. Wolf issued a 14-day quarantine recommendation for any individual returning to PA from any of 19 states.  The Department expects to adjust the list from time to time to reflect the rise or decrease in COVID-19 cases in states around the country. Health care practices and facilities should consider ... Continue Reading ... More
  • FTC Offers Tips for Data Protection in Products Related to Fighting COVID-19 From Fox Rothschild’s Privacy Compliance & Data Security blog The Federal Trade Commission (FTC) has offered tips for data protection during the COVID-19 crisis. Consider privacy and security as you’re developing your products and services, and not after launch. Although we will be flexible and reasonable when it comes to bringing enforcement actions against companies engaged in good faith, thoughtful efforts to address the effects of the pandemic, it doesn’t pay to be in the news for privacy and security problems. Use privacy... More
  • HHS Announces Relief Fund Payments for Medicaid & CHIP Providers, Safety Net Hospitals and Enhanced Provider Relief Fund Portal In a Press Release issued Tuesday afternoon, the U.S. Department of Health and Human Services (HHS) announced they will distribute approximately $15 billion to eligible providers that participate in state Medicaid and Children’s Health Insurance Program (CHIP) programs that have not received a payment from the Public Health and Social Services Emergency Fund (Provider Relief Funds) and $10 billion in ... Continue Reading ... More
  • Medicare Appeals and Audit Waivers Amid the COVID-19 Pandemic In the event of a national disaster or emergency under the Stafford Act or the National Emergencies Act and a Public Health Emergency Declaration by government officials, the Department of Health and Human Services (HHS) Secretary can temporarily waive certain Medicaid and Medicare criterion, which are commonly referred to as 1135 Waivers.  By way of example, 1135 Waivers or ... Continue Reading ... More
  • Focused Infection Control Surveys for Nursing Homes to be Completed by July 31, 2020 — New Penalties for Identified Deficiencies On June 1, 2020 CMS published QSO-20-31-All. It is effective immediately and provides in part as follows: (1) States will need to perform focused infection control surveys (FICS) of 100% of the certified nursing homes in their State by July 31, 2020 or lose access to certain federal funding. CMS and CDC are tracking the surveys done to date... Continue Reading ... More
  • Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information. Notably, these attacks succeed when system users have weak or common passwords.  NCSC published frequently found passwords here, many of which are used by cyber criminals to gain access networks that contain sensitive research and health care information.  The Alert warns that cyber criminals have been using “password spraying”,... More
  • OCR Webinar on HIPAA and COVID-19: Key Points for Covered Entities and Business Associates Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key points, based on Beth’s notes: Overview: OCR stresses that the HIPAA Rules are supposed to be balanced and flexible.  The HIPAA Rules do not prohibit sharing PHI, they just require covered entities and business associates to take appropriate steps to safeguard PHI in... More
  • New York Attorney General Warns Health Care Industry of COVID-19 Cyber Scams The New York Attorney General has issued a warning to healthcare providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on a link purporting to share COVID-19 information that in reality installs malware or permits access to steal passwords and other sensitive information. Details in this post... More
  • OCR Warning: Phone Scammer Posing as Investigator to Obtain PHI The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning that it has received reports that someone has been impersonating an OCR inspector in an effort to access HIPAA Protected Health Information (PHI). According to the agency: “The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation. HIPAA covered entities and business associates should alert... More