Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Time for New Jersey Medical Practices to Update Certain Patient Disclosures and Comply with the Surprise Medical Billing Law The New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act (the “Law”), New Jersey’s “surprise” medical billing law, went into effect on August 30, 2018.  Among other things, it requires licensed health care professionals in New Jersey (including, but not limited to, physicians, physician assistants and nurse practitioners) that bill health benefits plans issued or delivered in New Jersey (“NJ Health Plans”) to make certain patient disclosures regarding participation in such plans.  Additional patient disclosures are required for... More
  • Diagnostic Imaging Services Must Follow Patient Reporting Obligations Under New PA Law Pennsylvania’s Patient Test Result Information Act, which is set to take effect December 23, 2018, requires diagnostic imaging services providers that identify a “significant abnormality” in their test results to directly notify the patient or his/her designee within 20 days of the completed test, its review and its delivery to the ordering health care practitioner.  The new law defines the circumstances under which a patient notice is mandatory, as well as required information and language that must be included in... More
  • To BAA or Not to BAA? The Question a Florida Provider Should Have Asked in 2011 Results in a Half Million Dollar Payment in 2018 Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement by a Florida company, Advanced Care Hospitalists PL (ACH), to pay $500,000 and adopt a “substantial corrective action plan”. The first alleged HIPAA violation? Patient information, including name, date of birth, and social security number was viewable on the website of ACH’s medical billing vendor, and reported to ACH by... More
  • New Anti-Kickback Law Targets Opioid Crisis On October 24, 2018, Congress enacted a new anti-kickback law that applies to many commercial health insurance plans, as well as Medicare and Medicaid.  The law, known as the “Eliminating Kickbacks in Recovery Act of 2018” (the “Law”), was passed as part of the SUPPORT for Patients and Communities Act, which generally targets the national opioid crisis. The Law makes it a criminal offense to do any of the following: Solicit or receive any remuneration (including any kickback, bribe or rebate), directly... More
  • New Apple Watch May Mark Time To Rethink HIPAA The new Apple Watch Series 4® is one of the more recent and sophisticated consumer health engagement tools. It includes a sensor that lets wearers take an electrocardiogram (ECG) reading and detect irregular heart rhythms. The U.S. Food & Drug Administration (FDA) recently approved these functions as Class II medical devices, which generally means that they have a high to moderate risk to the user. The FDA approval letters describe the Apple Watch Series 4 functions as intended for over-the-counter... More
  • Join Top Cybersecurity Pros at Fox’s Privacy Summit Registration to the Privacy Summit is open. Fox Rothschild’s Minneapolis Privacy Summit on November 8 will explore key cybersecurity issues and compliance questions facing company decision-makers. This free event will feature an impressive array of panelists drawn from cybersecurity leaders, experienced regulatory and compliance professionals and the Chief Division Counsel of the Minneapolis Division of the FBI. Attendees receive complimentary breakfast and lunch, and can take advantage of networking opportunities and informative panel sessions: GDPR and the California Consumer Privacy Act: Compliance in... More
  • New Jersey Law Mandates New Patient Disclosures Regarding Insurance The New Jersey Out-of-Network Consumer Protection, Transparency, Cost Containment and Accountability Act takes effect today, August 30, 2018, and requires all licensed health care professionals in New Jersey (including physicians, nurse practitioners and physician assistants, among others) who bill health benefits plans issued or delivered in New Jersey to provide certain disclosures to patients enrolled in such Plans. The Act also contains additional obligations for physicians, including with respect to billing certain out-of-network services.  For more information regarding the Act’s impact on... More
  • Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s assets on behalf of its creditors.  This settlement has implications for both service providers and their covered entity clients.  Fox Rothschild partners Elizabeth Litten and Michael Kline were quoted in an article by Marla Durben Hirsch entitled “Be prepared for HIPAA Issues if a business associate shuts down” in the... More
  • Proposed Changes to the Medicare Physician Fee Schedule and Quality Payment Program in 2019 CMS recently issued its proposed changes to the 2019 Medicare Physician Fee Schedule, which include a controversial change to the reimbursement rates for Level 2-5 evaluation and management (E/M) services and some notable changes to the Quality Payment Program.  This post highlights some key aspects of the Proposed Rule that will affect medical practices. CMS views the Rule as one of “several proposed rules that reflect a broader Administration-wide strategy to create a healthcare system that results in better accessibility, quality,... More
  • The Heavy Hit of HIPAA: Violations May Send You to Jail The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a breach. In this case, perhaps the cover-up was worse than the crime, or maybe prosecutors decided that a conviction on other charges would have been harder to get. Either way, the case should alert covered entities and business associates to the fact that HIPAA violations can result... More
  • New VA MISSION Act Designed to Increase Veteran Access to Private Doctors This is the second installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   In response to the publicity... More
  • When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered entities and their business associates and subcontractors), GDPR applies much more generally – it applies to personal data itself. Granted, it doesn’t apply to personal data that has absolutely no nexus to the EU, but assuming it doesn’t apply to your U.S.-based entity simply because you don’t have... More
  • Small Doses: CMS Updates Reportable List of Adverse Actions This is the first installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   CMS recently updated its list... More
  • New “Medical Device Safety Action Plan” Intended to Modernize FDA’s Approach to Device Safety In April, the FDA released its “Medical Device Safety Action Plan,” a short to mid-term vision for increasing the safety of medical devices.  In it, the FDA acknowledges that enhancements and changes in its approach to device safety are necessary to ensure that it is “vigilant” in keeping up with the developments in the complexity and number of medical devices. Key to the FDA’s new approach is focusing on the “Total Product Life Cycle (TPLC)” of each type of medical device,... More
  • The Cost for a Copy of Medical Records? It May Depend Who’s Asking The Report to Congressional Committees of the U.S. Government Accountability Office (“GAO Report”), required under the 21st Century Cures Act, came out about a month earlier than required, but this early bird failed to catch what continues to be a wriggling worm – what can a covered entity charge for these copies? As discussed in our February 2017 blog post, the Office for Civil Rights issued guidance (“OCR Guidance”) over 2 years ago attempting to clarify that HIPAA charge limits (to... More