Blogs

HIPAA & Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog that provides information regarding current legal and practical issues that health care providers and business must consider with regard to the exchange of health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards with which there must be compliance when utilizing EHR, as well as sharing and exchanging health information in general. This blog also considers possible solutions to maneuver the legal and other barriers to establishing an EHR system and infrastructures for the beneficial exchange of health information.

View the HIPAA & Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Bankrupt Medical Records Company Hit with $100,000 Penalty for HIPAA Violations Filefax, Inc., a defunct Illinois medical records storage and management company, has been fined $100,000 for improperly handling medical data under an agreement with the court-appointed receiver managing the company’s assets on behalf of its creditors.  This settlement has implications for both service providers and their covered entity clients.  Fox Rothschild partners Elizabeth Litten and Michael Kline were quoted in an article by Marla Durben Hirsch entitled “Be prepared for HIPAA Issues if a business associate shuts down” in the... More
  • Proposed Changes to the Medicare Physician Fee Schedule and Quality Payment Program in 2019 CMS recently issued its proposed changes to the 2019 Medicare Physician Fee Schedule, which include a controversial change to the reimbursement rates for Level 2-5 evaluation and management (E/M) services and some notable changes to the Quality Payment Program.  This post highlights some key aspects of the Proposed Rule that will affect medical practices. CMS views the Rule as one of “several proposed rules that reflect a broader Administration-wide strategy to create a healthcare system that results in better accessibility, quality,... More
  • The Heavy Hit of HIPAA: Violations May Send You to Jail The recent criminal conviction of a Massachusetts physician provides a stark reminder that violating HIPAA can result in more than civil monetary penalties and the financial and reputational fall-out that results from a breach. In this case, perhaps the cover-up was worse than the crime, or maybe prosecutors decided that a conviction on other charges would have been harder to get. Either way, the case should alert covered entities and business associates to the fact that HIPAA violations can result... More
  • New VA MISSION Act Designed to Increase Veteran Access to Private Doctors This is the second installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   In response to the publicity... More
  • When HIPAA Compliance Is Not Enough: The Territorial Scope of GDPR The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. Whereas HIPAA applies to particular types or classes of data creators, recipients, maintainers or transmitters (U.S. covered entities and their business associates and subcontractors), GDPR applies much more generally – it applies to personal data itself. Granted, it doesn’t apply to personal data that has absolutely no nexus to the EU, but assuming it doesn’t apply to your U.S.-based entity simply because you don’t have... More
  • Small Doses: CMS Updates Reportable List of Adverse Actions This is the first installment in a new series on the Physician Law Blog entitled “Small Doses” designed to provide you with quick updates on meaningful issues.  We will continue to provide you with detailed updates on significant topics which we think are worth your time to read.  The purpose of “Small Doses” is to give you just enough information regarding a topic to have a general understanding of its import in a quick, easy read.   CMS recently updated its list... More
  • New “Medical Device Safety Action Plan” Intended to Modernize FDA’s Approach to Device Safety In April, the FDA released its “Medical Device Safety Action Plan,” a short to mid-term vision for increasing the safety of medical devices.  In it, the FDA acknowledges that enhancements and changes in its approach to device safety are necessary to ensure that it is “vigilant” in keeping up with the developments in the complexity and number of medical devices. Key to the FDA’s new approach is focusing on the “Total Product Life Cycle (TPLC)” of each type of medical device,... More
  • The Cost for a Copy of Medical Records? It May Depend Who’s Asking The Report to Congressional Committees of the U.S. Government Accountability Office (“GAO Report”), required under the 21st Century Cures Act, came out about a month earlier than required, but this early bird failed to catch what continues to be a wriggling worm – what can a covered entity charge for these copies? As discussed in our February 2017 blog post, the Office for Civil Rights issued guidance (“OCR Guidance”) over 2 years ago attempting to clarify that HIPAA charge limits (to... More
  • (Ride)Sharing is Caring The transportation landscape in America has evolved and these developments are now impacting health care. With about 75 percent of the U.S. population living in a county with access to an on-demand ride-hailing service, many patients are turning to ride-share services, like Uber and Lyft, as a means to obtain their medical care. The idea of partnering ride-sharing and health care is not new. Over the past few years, ride-sharing companies have been edging their way into the health care realm.... More
  • CMS Announces New Initiatives for Innovating Patient Care Last month, CMS Administrator Seema Verma announced several initiatives to innovate the delivery of patient care at the ground level.  In collaboration with the Trump Administration and other federal agencies, CMS is taking steps to implement a system in which patients have control of their electronic health information and can easily transfer it between health care providers.  This system, referred to as “MyHealthEData,” is also intended to allow both physician and patient to access the clinical and payment data required... More
  • When Data is Like Toothpaste In 1973, President Richard Nixon’s Chief of Staff H.R. Haldeman warned White House Counsel John Dean against talking to prosecutors investigating the growing Watergate scandal, telling him “Once the toothpaste is out of the tube, it’s going to be very hard to get it back in,” and a useful idiom was born. Personal electronic data, including protected health information, once disclosed, can be equally difficult to recapture and contain. A recent article in Slate entitled You Can’t Clean Up a Data... More
  • Not So Fast! HIPAA (Surprisingly) Doesn’t Apply to THAT! Many employers who have had it drilled into them that HIPAA applies to protected health information (PHI) of employees are often surprised to learn that the applicability of HIPAA to employee health information (EHI) is actually quite narrow.  HIPAA only applies to EHI related to the employer’s group health plans (such as medical, dental, employee assistance program (EAP) and health flexible spending arrangement (FSA)).  Employer-sponsored group health plans are HIPAA covered entities. Further, although this is true regardless of whether... More
  • Healthcare Facility Policies in the Age of Medical Marijuana On Fox’s In the Weeds blog, associate Richard Holzworth discussed the influx of patients registering for the Pennsylvania Medical Marijuana Program, and provided an overview of key policy and procedure updates that PA’s healthcare facilities, including hospitals and long-term care providers, should adopt: Despite Pennsylvania’s medical marijuana industry being in its infancy, more than 17,000 patients have registered for the program, and more than 4,000 already have received their medical marijuana card from the Department of Health. Now that cannabis products have burst onto... More
  • A Movement to Consider: Telepsychiatry in New York State In a post on February 28, Fox associate Kristen Marotta discussed the privacy and security issues arising from the growing use of telemedicine, particularly for mental health treatment. Now on the firm’s Physician Law blog, Kristen continues her discussion of telepsychiatry by diving into recent developments in New York State surrounding the innovative practice model. Kristen notes new funding from the New York Office of Mental Health to expand its use, and breaks down the OMH regulations that psychiatrists and physicians will need... More
  • A Movement to Consider: Telepsychiatry in New York State Kristen Marotta writes: Recently on Fox’s HIPAA & Health Information Technology blog, we discussed the privacy and security issues arising from the growth of telemedicine, as well as the general benefits that such growth could have for recent medical graduates. Now, with more funding and attention being given to telemedicine, new physicians will have the opportunity to make a difference in rural health care and move the industry into an entirely new direction. In New York, recent funding has been made available... More