HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • FTC Offers Tips for Data Protection in Products Related to Fighting COVID-19 From Fox Rothschild’s Privacy Compliance & Data Security blog The Federal Trade Commission (FTC) has offered tips for data protection during the COVID-19 crisis. Consider privacy and security as you’re developing your products and services, and not after launch. Although we will be flexible and reasonable when it comes to bringing enforcement actions against companies engaged in good faith, thoughtful efforts to address the effects of the pandemic, it doesn’t pay to be in the news for privacy and security problems. Use privacy... More
  • HHS Announces Relief Fund Payments for Medicaid & CHIP Providers, Safety Net Hospitals and Enhanced Provider Relief Fund Portal In a Press Release issued Tuesday afternoon, the U.S. Department of Health and Human Services (HHS) announced they will distribute approximately $15 billion to eligible providers that participate in state Medicaid and Children’s Health Insurance Program (CHIP) programs that have not received a payment from the Public Health and Social Services Emergency Fund (Provider Relief Funds) and $10 billion in ... Continue Reading ... More
  • Medicare Appeals and Audit Waivers Amid the COVID-19 Pandemic In the event of a national disaster or emergency under the Stafford Act or the National Emergencies Act and a Public Health Emergency Declaration by government officials, the Department of Health and Human Services (HHS) Secretary can temporarily waive certain Medicaid and Medicare criterion, which are commonly referred to as 1135 Waivers.  By way of example, 1135 Waivers or ... Continue Reading ... More
  • Focused Infection Control Surveys for Nursing Homes to be Completed by July 31, 2020 — New Penalties for Identified Deficiencies On June 1, 2020 CMS published QSO-20-31-All. It is effective immediately and provides in part as follows: (1) States will need to perform focused infection control surveys (FICS) of 100% of the certified nursing homes in their State by July 31, 2020 or lose access to certain federal funding. CMS and CDC are tracking the surveys done to date... Continue Reading ... More
  • PA Dental Practices Permitted to Re-Open for Routine Cleanings On June 3, 2020, the Pennsylvania Department of Health (DOH) issued revised Guidance permitting dental practices to re-open for non-urgent and non-emergent care, including, but not limited to, routine cleanings.  Dentists around the State have been awaiting this green light from the DOH, as it has been difficult for practices to re-open without being able to perform routine cleanings. The ... Continue Reading ... More
  • OSHA Revises its Guidance for Recording Work-Related COVID-19 Cases The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) generally requires employers to report and record workplace injuries. OSHA has published revised guidance regarding its recordkeeping requirements for employers. Beginning May 26, 2020 and until further notice, OSHA is requiring most employers with more than 10 employees to record work-related employee COVID-19 illnesses. While this applies to many ... Continue Reading ... More
  • PA ASC Guidance Requires CLIA Certification for COVID-19 Testing On May 23, 2020, the PA Department of Health (DOH) revised its guidance for ambulatory surgical facilities (ASFs) to require ASFs that intend to provide COVID-19 testing to patients and staff to hold the appropriate CLIA certification and state laboratory permit to perform such testing. For specific information on what CLIA certification is required, please see the DOH’s guidance on ... Continue Reading ... More
  • J-1 Waiver Physicians: COVID-19 Reduction in Hours and Telehealth (Limited) Temporary Flexibility By Catherine V. Wadhwani on May 18, 2020  The following post originally appeared on the Fox Rothschild’s “Immigration View” blog. On May 11, 2020, U.S. Citizenship and Immigration Services (USCIS) issued a Policy Memorandum relating to certain J-1 waivered foreign medical graduates during the COVID-19 national emergency. The memo, captioned “Temporary Policy Changes for Certain Foreign Medical ... Continue Reading ... More
  • OSHA Safety Considerations for Reopening Dental Practices during the COVID-19 Pandemic The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) is keenly aware of the need to protect employees of dental practices returning to work during the COVID-19 pandemic.  On May 11, 2020, OSHA issued an alert listing safety tips employers can follow to help protect dental industry workers from exposure to COVID-19.  OSHA’s alert is consistent with the ... Continue Reading ... More
  • Heightened Cybersecurity Risks for Healthcare Organizations during COVID-19 Pandemic In the midst of the COVID-19/Coronavirus Pandemic, cybercriminals are targeting healthcare organizations with phishing campaigns, ransomware, and other malicious acts that can adversely impact health information technology, medical response, and patient safety. Recently, the New Jersey Cybersecurity and Communications Integration Cell issued an Advisory pertaining to such acts, which includes best practices for users and administrators of healthcare organizations to ... Continue Reading ... More
  • PA Medical and Dental Practices Permitted to Resume Elective Care with Limitations In Guidance issued May 8, 2020 and May 9, 2020, the Pennsylvania Department of Health (DOH) has now permitted medical and dental practices across the Commonwealth to re-engage in the provision of non-urgent or elective care, with certain limitations. Medical practices may now resume non-urgent and elective care “only when appropriate personal protective equipment (PPE) is available and telemedicine is ... Continue Reading ... More
  • Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information. Notably, these attacks succeed when system users have weak or common passwords.  NCSC published frequently found passwords here, many of which are used by cyber criminals to gain access networks that contain sensitive research and health care information.  The Alert warns that cyber criminals have been using “password spraying”,... More
  • OCR Webinar on HIPAA and COVID-19: Key Points for Covered Entities and Business Associates Fox Rothschild LLP partner Beth Larkin listened to the HHS Office for Civil Rights 4/24/20 webinar (which should be posted on its website at some point) regarding HIPAA and COVID-19 and took notes. Here’s my summary of key points, based on Beth’s notes: Overview: OCR stresses that the HIPAA Rules are supposed to be balanced and flexible.  The HIPAA Rules do not prohibit sharing PHI, they just require covered entities and business associates to take appropriate steps to safeguard PHI in... More
  • New York Attorney General Warns Health Care Industry of COVID-19 Cyber Scams The New York Attorney General has issued a warning to healthcare providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information.  Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on a link purporting to share COVID-19 information that in reality installs malware or permits access to steal passwords and other sensitive information. Details in this post... More
  • OCR Warning: Phone Scammer Posing as Investigator to Obtain PHI The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning that it has received reports that someone has been impersonating an OCR inspector in an effort to access HIPAA Protected Health Information (PHI). According to the agency: “The individual identifies themselves on the telephone as an OCR investigator, but does not provide an OCR complaint transaction number or any other verifiable information relating to an OCR investigation. HIPAA covered entities and business associates should alert... More
  • Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance. “OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of telehealth during the COVID-19 nationwide public health emergency.  This notification is effective immediately.” Here are several... More
  • Medicare and OCR Relax Telehealth Rules Under Medicare and HIPAA By Margaret J. Davino, Salvatore J. Russo and Nawa A. Lodin In the Medicare Telemedicine Healthcare Provider Fact Sheet published March 17, 2020, the Centers for Medicare & Medicaid Services (CMS) broadened access to Medicare telehealth services to allow Medicare patients to receive more services from their doctors without travel to a health care facility. This benefit is available on a temporary and emergency basis under the 1135 waiver authority and Coronavirus Preparedness and Response Supplemental Appropriations Act, to provide telemedicine services during the national... More
  • COVID-19 Update: Limited Waiver of HIPAA Sanctions and Penalties for Certain Hospitals Effective March 15, 2020, certain hospitals that fail to comply with specific HIPAA Privacy Rule requirements will not be subject to HIPAA sanctions and penalties, according to a “COVID-19 & HIPAA Bulletin” issued by U.S. Health and Human Services Secretary Alex M. Azar. The waiver was implemented as a response to President Trump’s recent declaration of a nationwide emergency concerning COVID-19 and Secretary Azar’s declaration of a public health emergency on January 31, 2020. Note that this HIPAA waiver is limited.... More
  • HIPAA and COVID-19: ABCs For Working From Home If your company is a covered entity or a business associate, you face unique challenges when workforce members ask or are required to work from home. Hopefully, your company’s HIPAA Security Policies and Procedures address the use of portable devices, whether they are owned by the employer or by the employee, and your HIPAA security risk assessment should take into account any location in which electronic protected health information (PHI) might be created, received, maintained or transmitted.  Still, it’s important... More
  • More for Employers re: HIPAA Privacy and COVID-19 The FAQs included in my prior post address  employer response with an eye to HIPAA compliance.  What else can an employer do or not do with employee information related to COVID-19 status?   Even covered entities and business associates concerned with HIPAA must be alert to other laws affect their communications and action plans.   Employers should check with labor counsel for laws and requirements that may apply.  Employers should also be aware that state-specific privacy and data security laws may apply... More