Kelly Thompson Joins Legal HIE as its Strategy and Interoperability Lead

Kelly Thompson Joins Legal HIE as its Strategy and Interoperability Lead

Kelly Hoover Thompson has joined Legal HIE Solutions as its new Strategy & Interoperability Lead! Kelly is a powerhouse in healthcare law, interoperability, and transformation. She is the former CEO of SHIEC, and former Deputy Secretary at the Pennsylvania Department of Health, and services in numersou advisory and leadership roles, including for the CDC’s Center for Health Statistics Board, the National POLST Technology Committee, and UPMC’s Patient Safety Committee. Kelly has been at the forefront of shaping health IT, regulatory policy, and organizational development. Learn more about Kelly in today’s post!

read more
A Look Back at 2024: HIPAA Enforcement Year in Review

A Look Back at 2024: HIPAA Enforcement Year in Review

Calendar year 2024 brought a range of high-impact HIPAA enforcement actions from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). By the year’s end, OCR had collected over $9 million through various settlements and final determinations. Interestingly, 2024 stands out for having the most final determinations (i.e., definitive impositions of a Civil Money Penalty) in OCR’s HIPAA enforcement history. However, it remains the case that most matters are resolved cooperatively through settlement agreements. Across hospitals, nursing facilities, EMS providers, physician offices (including dental and specialty practices), and even a health care clearinghouse, OCR’s actions highlighted the ongoing importance of thorough risk analyses, timely patient access to records, comprehensive workforce training, and secure system configurations.

read more
Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC. As Judge Xinis wrote in the opinion, “No evidence supports that PCC had any legitimate good faith use for wholly inscrutable CAPTCHAs which, by definition, blocked Real Time from getting the very records it needs to exist….But even more damning is the timing of such deployments, which support that PCC used those CAPTCHAs as a device to hamstring or eliminate Real Time as a competitor.” Keep reading for additional details regarding Real Time’s complaints against PointClickCare.

Update: On August 19, 2024, PointClickCare filed a Motion to Expedite Appeal with the United States Court of Appeals for the Fourth Circuit.

read more
HIPAA Reproductive Health Care Privacy – Attestation Template, Policy Samples, updated HIPAA policies, a HIPAA-New Jersey Reproductive Health Care Law crosswalk, and more!

HIPAA Reproductive Health Care Privacy – Attestation Template, Policy Samples, updated HIPAA policies, a HIPAA-New Jersey Reproductive Health Care Law crosswalk, and more!

June 25, 2024 has arrived! This means that the Final Rule for HIPAA Privacy to Support Reproductive Health Care Privacy is officially in effect, and HIPAA covered entities and business associates may now begin implementing its new requirements! But there are still many questions about how some of the new requirements should be implemented. Among those giving covered entities and business associates the most angst is the new Attestation requirement.

read more
FTC Expands Health Breach Notification Rule: What It Means for Health Apps, HIEs, and the Future of Health Data Privacy

FTC Expands Health Breach Notification Rule: What It Means for Health Apps, HIEs, and the Future of Health Data Privacy

The FTC has finalized significant changes to the Health Breach Notification Rule (HBNR), a regulation originally designed to ensure that personal health records (PHRs) and similar digital health platforms notify consumers in the event of a data breach. These updates clarify the rule’s applicability to technologies outside the scope of HIPAA and impose stricter notification and transparency requirements on companies handling sensitive health data. The amendments also carry broad implications for HIEs and HINs, which are at the forefront of data interoperability and patient information sharing.

read more
The 2023 HITECH Report to Congress: Big Steps in Interoperability—No April Fools’ Gimmicks

The 2023 HITECH Report to Congress: Big Steps in Interoperability—No April Fools’ Gimmicks

The latest HITECH Report to Congress, released earlier this month, outlines the evolving landscape of health information technology and the continued push toward a more connected, interoperable health care system. With electronic health records (EHRs) now a staple in most clinical settings, the focus has shifted from adoption to enhancing how data is exchanged and used. The report highlights major achievements, persistent challenges, and future priorities in the journey toward seamless health information sharing.

read more
FTC Expands Health Breach Notification Rule: What It Means for Health Apps, HIEs, and the Future of Health Data Privacy

42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

The Final Rule amending 42 CFR Part 2 finalizes changes that will align uses and disclosures of Part 2 information with HIPAA for treatment, payment & health care operations. Part 2 providers and others who must comply with Part 2 and this Final Rule have two (2) years to get into compliance. Read more about the changes and how we can help with compliance.

read more
When AI Denies Your Healthcare: The UnitedHealthcare Lawsuit and the Legal Dangers of AI in Medicine

When AI Denies Your Healthcare: The UnitedHealthcare Lawsuit and the Legal Dangers of AI in Medicine

icial intelligence (AI) is supposed to make healthcare smarter, more efficient, and—ideally—better for patients. But as UnitedHealthcare Group (UHG) recently learned, AI can also go horribly wrong, leading to denied care, regulatory scrutiny, and class-action lawsuits. Today’s posts breaks down what happened in the UHG case, what it reveals about some of AI’s legal minefields, and how healthcare organizations can avoid becoming the next target of an AI-related lawsuit.

read more
Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic testing companies, and those who partner with them, must take care to ensure that the scope of how consumers’ sensitive data is used and shared in the future aligns with the scope of consent that was granted by the consumer at the point of collection. The FTC found that a California-based genetic testing company informed consumers that it would only share consumers’ sensitive health and other personal information “in limited circumstances,” but then expanded sharing such information with new third parties, like supermarket chains. The FTC has now stepped up to protect consumers’ sensitive genetic information.

read more
CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

On May 1, modifications to the Medicare Conditions of Participation (“CoPs”) went into effect, requiring certain electronic event notifications for admissions, discharges and transfers (“ADTs”) to and from hospitals, critical access hospitals and psychiatric hospitals. To provide guidance to hospitals and state surveyors, CMS released several FAQs as well as interpretive guidance last week to be published in the State Operations Manual.

Hospitals are required to make a “reasonable effort” to ensure that notifications are sent to post-acute care services providers and suppliers, and other practitioners and entities, which need such notifications for treatment, care coordination or quality improvement. Under the new CoP, ADT notifications must be sent for all emergency department and inpatient patients where the hospital, critical access hospital or psychiatric hospital maintains an electronic medical record or administrative system.

read more
Halloween Treat!  HHS Delays Information Blocking Compliance Deadline to  April 5, 2021!

Halloween Treat! HHS Delays Information Blocking Compliance Deadline to April 5, 2021!

Interim Final Rule with Comment Period Responds to COVID-19 Pandemic. Responding to public health threats posed by the coronavirus pandemic, today the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released an interim final rule with comment period that extends the compliance dates and timeframes necessary to meet certain requirements related to information blocking and Conditions and Maintenance of Certification (CoC/MoC) requirements.

read more
CMS Extends Publication Deadline for Stark Law Changes

CMS Extends Publication Deadline for Stark Law Changes

At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.” Together with the OIG’s counterpart rule, the proposed rules contain the potential for significant modernization of the Stark Law and Anti-kickback Statute as part of the “Regulatory Spring to Coordinated Care” as well as increased alignment and coordination between the two sets of laws.

read more

Archives