Changes on the Horizon for Part 2 Confidentiality Regulations
As part of its comprehensive COVID-19 response, Congress quietly passed through changes to the federal drug and alcohol confidentiality framework known as “Part 2” under the CARES Act, enacted on March 27. One of the more underreported components of the CARES Act, the changes do not completely overhaul the Part 2 regulations, however, they relax several restrictions that health care providers have struggled with, particularly in the electronic exchange and electronic health records (“EHR”) context (the “CARES Act Changes”).
Will ONC’s Final Rule put HIEs between a “Block and a Hard Place”?
Under the ONC’s Final Rule on Information Blocking, Health Care Providers, HIEs and HINs will be legally prohibited from interfering with the access, exchange, or use of EHI unless an exception applies. However, HIEs/HINs that are HIPAA Business Associates are not allowed to use or further disclose PHI other than as permitted or required by their HIPAA BAAs with respective health care providers. So, what happens if a Health Care Provider and its HIPAA Business Associate HIE/HIN disagree on whether an exception allows EHI to be withheld from access, exchange or use under a certain set of specific facts?
Don’t Make the Mistake of Over-Reporting Data Breaches Under HIPAA
Evaluating incidents that affect protected health information (PHI) to determine whether they must be reported under HIPAA’s Breach Notification Rule is a delicate balancing act. On the one hand, a HIPAA covered entity will want to avoid reporting an incident to the Secretary of HHS if it is not required to do so under the standards set forth in HIPAA’s Breach Notification Rule. On the other hand, a HIPAA covered entity that fails to report a HIPAA Breach risks being exposed to penalties from OCR for each day such Breach was not reported when it should have been. A recent Becker’s Health IT article brought attention to a Notice posted by Ann & Robert H. Lurie Children’s Hospital of Chicago
CMS Continues COVID-19 Assistance for the Promoting Interoperability and Quality Payment Programs
As hospitals and providers continue to struggle in response to the COVID-19 pandemic, CMS has announced several efforts to provide assistance under the Promoting Interoperability Programs and Quality Payment Program.
For the Quality Payment Program, CMS had previously extended the deadline for MIPS eligible clinicians to submit data and reopened the application period for MIPS eligible clinicians to file for a hardship exception for the 2019 payment year. Additionally, CMS announced that any individual MIPS eligible clinician who did not submit data or which submitted data for only one performance category for the 2019 payment year by April 30 will automatically receive a neutral payment instead of a negative payment adjustment (this “extreme and uncontrollable circumstances” policy is not available to groups/virtual groups). If a MIPS eligible clinician is able to submit data, CMS noted that the data submission would override the automatic “extreme and uncontrollable circumstances” policy and the clinician could be eligible for negative, neutral or positive payment adjustments based on the data submission.
Are Lawsuits for Violations of HIPAA’s Deidentification Standards About to Take Off – and What Can You Do About It?
A recent opinion article published in STAT News explored whether potential litigation is looming surrounding the de-identified data exception in HIPAA. The authors of the article point out that “large volumes of data underpin the development of any AI effort,” which is why companies…
Legal HIE has Relaunched with a NEW Membership Subscription Option!
Welcome (or, to some, “welcome back”) to Legal...
OIG issues Proposed Rule for Civil Monetary Penalties for Information Blocking
On Friday, April 24th, the Office of Inspector General (OIG) of HHS published a Proposed Rule to amend the civil monetary penalties (CMP) rules to incorporate new authorities for investigating and assessing monetary penalties for Information Blocking violations.
ONC Delays Enforcement of the Information Blocking Certification Provisions of its CURES Act Final Rule for 3 months
Today, ONC announced that it will exercise its discretion in enforcing all new requirements under its Cures Act Final Rule which have compliance dates and time frames until 3 months after each such date identified in the Final Rule. The ONC Final Rule is scheduled to be published on May 1, 2020 in the Federal Register. The ONC has developed an “Enforcement Discretion Dates and Time frames” chart which indicates that the Part 170 Information Blocking provisions will have a compliance Enforcement Discretion Date of February 1, 2021.
Summary List of COVID19-related Federal Actions Relevant to Healthcare
As efforts at the federal and individual states level evolve every day at almost a breakneck pace to address challenges and needs related to the COVID-19 outbreak, here is a running list of some of the top actions taken at the federal level that we thought would be helpful to the healthcare industry (Caveat, this is not an exhaustive list): [updated: July, 28, 2021]
When Do Conduits Cross the HIPAA BA Line?
What Is a “Conduit” and When Do They Cross The...
CMS Announces Notice of Proposed Rulemaking for 2014 Certified EHR Technology Flexibility
CMS Announces Notice of Proposed Rulemaking for...
Webinar: HIPAA and HIT Best Practices for Hospital Executives & Board Trustees
Webinar: HIPAA and HIT Best Practices for...
CMS Extends Meaningful Use Hardship Extension Where Vendor Delayed with Certifying EHR Technology.
CMS Extends Meaningful Use Hardship...
Copiers result in $1.2 million settlement and CAP for Affinity Health
Copiers result in .2 million settlement and CAP...
Document Disposal Company Responsible for old Patient Records found in Park
Document Disposal Company Responsible for old...
WellPoint hit with $1.7 million for Security Weaknesses in Online Application
WellPoint hit with .7 million for Security...
ONC Sells Successes of Health IT Adoption to Congress in Annual Report
ONC Sells Successes of Health IT Adoption to...
Lessons from the Idaho State University CAP
Lessons from the Idaho State University CAP ...
ONC Releases Governance Framework for Trusted HIE
ONC Releases Governance Framework for Trusted...
EHR Vendor Loses Meaningful Use Certification
EHR Vendor Loses Meaningful Use...
Proposed Rules Extend EHR Donation Sunsets for Stark and Anti-Kickback
Proposed Rules Extend EHR Donation Sunsets for...