Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC. As Judge Xinis wrote in the opinion, “No evidence supports that PCC had any legitimate good faith use for wholly inscrutable CAPTCHAs which, by definition, blocked Real Time from getting the very records it needs to exist….But even more damning is the timing of such deployments, which support that PCC used those CAPTCHAs as a device to hamstring or eliminate Real Time as a competitor.” Keep reading for additional details regarding Real Time’s complaints against PointClickCare.

Update: On August 19, 2024, PointClickCare filed a Motion to Expedite Appeal with the United States Court of Appeals for the Fourth Circuit.

read more
HIPAA Reproductive Health Care Privacy – Attestation Template, Policy Samples, updated HIPAA policies, a HIPAA-New Jersey Reproductive Health Care Law crosswalk, and more!

HIPAA Reproductive Health Care Privacy – Attestation Template, Policy Samples, updated HIPAA policies, a HIPAA-New Jersey Reproductive Health Care Law crosswalk, and more!

June 25, 2024 has arrived! This means that the Final Rule for HIPAA Privacy to Support Reproductive Health Care Privacy is officially in effect, and HIPAA covered entities and business associates may now begin implementing its new requirements! But there are still many questions about how some of the new requirements should be implemented. Among those giving covered entities and business associates the most angst is the new Attestation requirement.

read more
42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

42 C.F.R. Part 2 Final Rule Amending Privacy of Substance Use Disorder Records Released.

The Final Rule amending 42 CFR Part 2 finalizes changes that will align uses and disclosures of Part 2 information with HIPAA for treatment, payment & health care operations. Part 2 providers and others who must comply with Part 2 and this Final Rule have two (2) years to get into compliance. Read more about the changes and how we can help with compliance.

read more
Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic Testing Company Violates Privacy and Security Policies, FTC Says.

Genetic testing companies, and those who partner with them, must take care to ensure that the scope of how consumers’ sensitive data is used and shared in the future aligns with the scope of consent that was granted by the consumer at the point of collection. The FTC found that a California-based genetic testing company informed consumers that it would only share consumers’ sensitive health and other personal information “in limited circumstances,” but then expanded sharing such information with new third parties, like supermarket chains. The FTC has now stepped up to protect consumers’ sensitive genetic information.

read more
CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

CMS Releases Hospital COP Event Notification FAQs; Interpretive Guidance

On May 1, modifications to the Medicare Conditions of Participation (“CoPs”) went into effect, requiring certain electronic event notifications for admissions, discharges and transfers (“ADTs”) to and from hospitals, critical access hospitals and psychiatric hospitals. To provide guidance to hospitals and state surveyors, CMS released several FAQs as well as interpretive guidance last week to be published in the State Operations Manual.

Hospitals are required to make a “reasonable effort” to ensure that notifications are sent to post-acute care services providers and suppliers, and other practitioners and entities, which need such notifications for treatment, care coordination or quality improvement. Under the new CoP, ADT notifications must be sent for all emergency department and inpatient patients where the hospital, critical access hospital or psychiatric hospital maintains an electronic medical record or administrative system.

read more
Halloween Treat!  HHS Delays Information Blocking Compliance Deadline to  April 5, 2021!

Halloween Treat! HHS Delays Information Blocking Compliance Deadline to April 5, 2021!

Interim Final Rule with Comment Period Responds to COVID-19 Pandemic. Responding to public health threats posed by the coronavirus pandemic, today the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released an interim final rule with comment period that extends the compliance dates and timeframes necessary to meet certain requirements related to information blocking and Conditions and Maintenance of Certification (CoC/MoC) requirements.

read more
CMS Extends Publication Deadline for Stark Law Changes

CMS Extends Publication Deadline for Stark Law Changes

At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.” Together with the OIG’s counterpart rule, the proposed rules contain the potential for significant modernization of the Stark Law and Anti-kickback Statute as part of the “Regulatory Spring to Coordinated Care” as well as increased alignment and coordination between the two sets of laws.

read more
Moving Forward after Privacy Shield’s Invalidation

Moving Forward after Privacy Shield’s Invalidation

On July 16, the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield, one of the primary mechanisms used by companies to lawfully transfer personal data outside of the European Union under the GDPR. Despite a prior adequacy determination in 2016, the CJEU found that shortcomings in the Privacy Shield, particularly U.S. security and surveillance laws and an ineffective Ombudsperson program, resulted in a failure to provide essentially equivalent protections to those afforded to individuals within the European Union.

read more
Why Privacy & Consent Will Remain a Central Hurdle to Health Info Exchange Despite the Info Blocking Rule

Why Privacy & Consent Will Remain a Central Hurdle to Health Info Exchange Despite the Info Blocking Rule

Under the Privacy Exception, an Actor is permitted to not fulfill a request received to access, exchange, or use EHI to protect an individual’s privacy. The sub-exception for a “precondition-not-satisfied” will continue to put state laws governing privacy and consent at the center of decisions about whether EHI will be shared with third parties. Healthcare providers and HIEs/HINs especially will need to ensure that they have identified and analyzed each legal precondition to the release of EHI that is applicable to the particular type of entity and type of information that is implicated.

read more
Summary List of COVID19-related Federal Actions Relevant to Healthcare

Summary List of COVID19-related Federal Actions Relevant to Healthcare

As efforts at the federal and individual states level evolve every day at almost a breakneck pace to address challenges and needs related to the COVID-19 outbreak, here is a running list of some of the top actions taken at the federal level that we thought would be helpful to the healthcare industry (Caveat, this is not an exhaustive list):  [updated: July, 28, 2021]

read more

Archives