Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Bah, Humbug! Another Hospital Hit With a FLSA Collective Action On Missed Lunches This post is a courtesy of Fox Rothschild attorney Mark Tabakman, Esq., and was first published on Fox’s Wage & Hour – Developments and Highlights Blog.  It is particularly relevant for health care providers that automatically deduct lunch breaks from their employees’ wages: The health care industry seems to be ground zero for a particular kind of class ... Continue Reading ... More
  • Flo Health App Fallout: HIPAA-like Breach Notification Rule Not Enforced by FTC Flo Health, Inc., which marketed an app used by more than 100 million women interested in tracking their personal menstruation and fertility information, seems to be getting off easily as compared with HIPAA-covered entities who misuse individual health information.  The FTC’s January 13, 2021 press release announcing its proposed settlement with Flo Health sidesteps mention (let alone enforcement) of a federal law (and the FTC’s own rule).  This puzzling sidestep deserves attention, not only in light of the proliferation of... More
  • No Signs of Slowing Down: The OCR Settles another Investigation under the HIPAA Right of Access Initiative Prior to the holiday, the OCR settled its thirteenth enforcement action under the HIPAA Right of Access Initiative, which involved a primary care physician practicing in the State of Georgia.  Dr. Peter Wrobel, M.D., P.C., operating under the fictitious name of Elite Primary Care, became subject to an OCR investigation (twice) for his alleged violations of the HIPAA Privacy Rule. In 2019, the OCR received a complaint stating that Elite Primary Care failed to provide a patient timely access to his... More
  • New Year Likely to Bring New Incentive for Cybersecurity Investment H.R. 7898, sent to the President for signature on December 24, 2020 may be the HIPAA holiday gift covered entities and business associates have been waiting for.  The bill requires the Secretary of the Department of Health and Human Services, when considering penalties, audits and other actions related to HIPAA breaches and security incidents, to take into consideration whether the covered entity or business associate has had “recognized security practices” in place for at least 12 months. “Recognized security practices” broadly... More
  • FLSA Joint Employer Doctrine At Issue In Health Care Industry Overtime Class Action: A Warning! This post is a courtesy of Fox Rothschild attorney Mark Tabakman, Esq., and was first published on Fox’s Wage & Hour – Developments and Highlights Blog.  It is particularly relevant for health care providers that enter into staffing services arrangements with vendors: In FLSA cases, plaintiff lawyers are always looking for a deep pocket and one of the ... Continue Reading ... More
  • Meeting Patient Needs with J-1 Waivered Physicians This post is authored by Catherine Wadhwani, Partner and Co-Chair of the firm’s Immigration Practice Group.  The post first appeared on Fox’s Immigration View Blog: We hear the reports daily.  COVID-19 cases are spiking nationwide.  Hospitals and health care facilities are at maximum capacity.  Even with progress toward the availability of a vaccine, it’s not clear exactly when things ... Continue Reading ... More
  • OIG Issues Special Fraud Alert on Speaker Programs Earlier this week, the Office of Inspector General OIG issued a Special Fraud Alert (Alert) on speaker programs by pharmaceutical and medical device companies in connection with the Federal Anti-Kickback Statute. In the Alert, the “speaker programs” are defined as company-sponsored events at which a health care professional makes a speech or presentation to other health care professionals about a ... Continue Reading ... More
  • The OCR Remains Increasingly Active under the HIPAA Right of Access Initiative The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently settled four more investigations under the HIPAA Right of Access Initiative, which totals 11 settlements thus far.  In September, the OCR released a press release detailing its settlement of five additional actions under the HIPAA Right of Access Initiative. In the latest settlements, the OCR came down harder on  providers that failed to provide timely access to a patient’s protected health information by imposing six-figure fines... More
  • Medical Devices are Double-edged Swords for Hospitals: Vital for Patient Care but Vulnerable to Cyberattacks On October 28th, the Federal Bureau of Investigation, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency alerted hospital administrators and security researchers about a “credible threat” of cyberattacks to American hospitals.  Four hundred American hospitals are being targeted in cyberattacks by the same Russian hackers whom American officials ... Continue Reading ... More
  • Re-Setting the Clock for Responding to Individual Access Requests Under the Information Blocking Rule Covered entities beware: a timing pitfall lurks within the recently adopted rules prohibiting information blocking.  We have posted about OCR’s “Right to Access Initiative” and numerous enforcement actions taken to make sure that covered entities respond to patient access requests in a timely manner.  The HIPAA Privacy Rule requires covered entities to respond to access requests within 30 days, but OCR has emphasized that this is an “outer limit and covered entities are encouraged to respond as soon as possible.” Soon,... More
  • HHS Issues ‘Last Call’ for Provider Relief Funds – Apply by Nov. 6 for Share of $20 Billion Distribution An additional $20 billion in “Provider Relief Funds” is being made available pursuant to the Coronavirus Aid, Relief, and Economic Security (CARES) Act through a “Phase 3” General Distribution. However, time is running out for health care providers to apply to the U.S. Department of Health and Human Services for these funds. The application deadline for what may be the ... Continue Reading ... More
  • HHS Extends COVID-19 Related Public Health Emergency through January 20, 2021 On October 2, 2020, Health and Human Services (HHS) Secretary, Alex M. Azar II, announced the renewal of the public health emergency declaration due to the continued consequences of the COVID-19 pandemic. The 90-day renewal is effective October 23, 2020, and extends until January 20, 2021. The renewal impacts a number of regulatory flexibilities and temporary rules applicable to health ... Continue Reading ... More
  • Which Privacy Protections Apply? HIPAA, FERPA and COVID-19 A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their child’s saliva, place the vial in a plastic bag along with some forms containing identifying information, and drop them off at the district offices before... More
  • HIPAA Right to Access Initiative Targets Psychiatric/Mental Health Providers Mental Health/substance abuse providers and providers treating HIV/AIDS patients are held to a higher standard when it comes to protecting medical records, requiring additional levels of consent and analysis prior to productions. However, recent settlements published by the Office of Civil Rights of the Department of Health and Human Services (OCR) on September 15, 2020 remind all providers that patients and their authorized representatives have a right to access their records. Right to Access Initiative: In 2019 OCR launched the Right to... More
  • Federal Court Holding Reminds Providers to Address Gender Identity Discrimination in Workplace In 2016, the Obama Administration issued a regulation implementing Section 1557 of the Affordable Care Act (ACA) (the 2016 Rule), which redefined sex discrimination to include termination of pregnancy and gender identity. Despite efforts by the U.S. Department of Health and Human Services (HHS) to repeal and revise certain provisions of the 2016 Rule through a new Rule, a ... Continue Reading ... More
  • New OCR Resource Adds Guidance on HIPAA and Direct-to-Consumer Health Apps A tricky issue for mobile health app developers since the Office for Civil Rights (OCR) released its first “Health App Use Scenarios & HIPAA” guidance back in 2016 has been deciphering whether the developer is a business associate if it offers its app on a consumer-facing basis as well as through covered entities (or their business associates).  I wrote about this at the time, highlighting the “maybe”:  whether a health app is acting as a business associate and subject to... More
  • Updated OCR Guidance on Contacting Recovered COVID-19 Patients The Office for Civil Rights within the Department of Health and Human Services (OCR) provided guidance in June that reassured covered entity health care providers and that it is generally OK to use or disclose protected health information (PHI) to contact individuals who have recovered from COVID-19 for case management and care coordination. The OCR has now updated the guidance (“Guidance”) to clarify that health plans may also use or disclose PHI  for purposes of contacting individuals who have recovered from... More
  • “I Have an App for That”: ONC’s Information Blocking Rule and HIPAA Access Rights A patient asks her doctor to send her test results to an app the patient has downloaded on her phone.   The doctor worries that the app is not secure and that the patient might not understand the security risks.  What should the doctor do? Covered entity health care providers and their business associates likely need to update their HIPAA Access Rights Policies and Procedures to address this scenario.  Rules recently adopted by Office of the National Coordinator (ONC) to implement certain... More
  • FDA Warns Consumers and Health Care Professionals Not to Use Certain Hand Sanitizer Products The U.S. Food and Drug Administration (FDA) issued a flurry of Press Releases and Alerts from mid-June through the end of July warning consumers and health care professionals not to use certain alcohol-based hand sanitizers due to the dangerous presence of methanol (or wood alcohol), a substance often used to create fuel and antifreeze that can be toxic when absorbed ... Continue Reading ... More
  • Have You Updated Your Corporate Compliance Program Lately? New guidance issued by the U.S. Department of Justice (DOJ) highlights the importance of updating corporate compliance programs to satisfy regulatory requirements.  The 2020 updates pick up where the 2019 guidance left off in addressing the evaluation metrics for compliance.  The key takeaway for 2020 is that companies are encouraged to update and improve compliance programs with the latest in ... Continue Reading ... More