Mar 25, 2025 / By

Battle of the Bots Continues…Fourth Circuit Affirms Preliminary Injunction Against PointClickCare

Continuing the saga of Real Time and PointClickCare in the battle of the bots, the U.S. 4th Circuit recently affirmed a preliminary injunction granted in favor of Real Time against PointClickCare, finding, among other things, that PointClickCare was unable to meet a burden of proof that it met its claimed Exceptions to Information Blocking. Therefore, documentation will be critical for actors who may find themselves having to defend similar claims.

Mar 9, 2025 / By

Preventing IAS from Becoming a Trojan Horse

Last week, I attended HIMSS 2025 in Las Vegas and came away with four big themes that stood out for me: the industry’s growing focus on Individual Access Services (IAS) and rock-solid identity verification, the push to expand non-treatment use cases for interoperability (like payment and healthcare operations), the urgent need for modernized consent management, and the overarching importance of trust to tie it all together. Yet of all these, for me, IAS is the real showstopper: if we don’t get identity and access right, the rest of our digital transformations—from AI-driven insights to cross-network data sharing—could quickly unravel. In today’s post, I want to zero in on IAS—where it fits into HIPAA’s right of access, where personal representatives enter the picture, and why it risks becoming a Trojan Horse for unauthorized data if we don’t take the proper safeguards.

silhouette of woman holding rectangular board

Mar 2, 2025 / By

NOW LIVE! The Updated 42 C.F.R. Part 2 Helper is Available!

The wait is finally over!! Our brand-new, UPDATED 42 C.F.R. Part 2 Helper compliance package is now live for current members of Legal HIE. Loaded with carefully crafted checklists, tools, sample forms, policies, and training resources, all updated for the Part 2 Final Rule, it’s just what the doctor ordered for every organization to stay miles ahead of the February 16, 2026 compliance deadline! Read our new blog post for more information about what’s included with our Part 2 Helper and to get access to a sample checklist to update your Part 2 consents!

CMS Issues Telehealth Encounter Guidance for Quality Reporting Programs

CMS Issues Telehealth Encounter Guidance for Quality Reporting Programs

New telehealth encounter guidance is available for the Promoting Interoperability Programs and Quality Payment Program. There are 42 telehealth codes eligible for inclusion within the eligible professional/eligible clinician eCQMs for the 2020 performance period. For the 2021 performance period, 39 telehealth codes would be eligible, however, there are also additional eCQMs identified as not eligible for telehealth encounters.

Why Privacy & Consent Will Remain a Central Hurdle to Health Info Exchange Despite the Info Blocking Rule

Why Privacy & Consent Will Remain a Central Hurdle to Health Info Exchange Despite the Info Blocking Rule

Under the Privacy Exception, an Actor is permitted to not fulfill a request received to access, exchange, or use EHI to protect an individual’s privacy. The sub-exception for a “precondition-not-satisfied” will continue to put state laws governing privacy and consent at the center of decisions about whether EHI will be shared with third parties. Healthcare providers and HIEs/HINs especially will need to ensure that they have identified and analyzed each legal precondition to the release of EHI that is applicable to the particular type of entity and type of information that is implicated.

Is Your Organization Ready to Send Patient Information to Apps by November?

Is Your Organization Ready to Send Patient Information to Apps by November?

Becker’s Hospital Review reported that 70% of CIOs are “concerned” about meeting the upcoming November 2nd deadline for complying with the Final Rules prohibiting information blocking practices. This is according to a survey conducted by CHIME, which included responses from executives at academic medical centers, critical access hospitals, multi-hospital systems and specialty hospitals.  Although the survey did not appear to identify specifically what concerns CIOs about complying with information blocking rules by this fall, one possibility is fully understanding how ONC’s information blocking rules will apply to releasing patients’ EHI to third-party apps.

WEBINAR:  Learn Which HIPAA Policies to Revise for ONC’s New Information Blocking Rule, Plus More!

WEBINAR: Learn Which HIPAA Policies to Revise for ONC’s New Information Blocking Rule, Plus More!

Join the NJ Chapter of HIMSS and Helen Oscislawski for this Webinar to get a lean and focused overview of what you need to do to comply with ONC’s and CMS’s final rules implementing the 21st Century Cures Act. On April 24, 2020, the OIG also released its Proposed Rule on CMPs to be imposed against Actors who engage in prohibited “Information Blocking.” These new rules turn on their heads certain HIPAA policies and procedures.

New HHS Guidance on Laboratory COVID-19 Data Reporting Recognizes Valuable Role of HIEs

New HHS Guidance on Laboratory COVID-19 Data Reporting Recognizes Valuable Role of HIEs

Late last week, HHS published new Guidance that specifies what additional data must be reported by laboratories along with COVID-19 test results.  Reporting of certain data elements by laboratories are legally required, while reporting of other identifiable demographic data is encouraged but not mandatory. The Guidance notes that state and local privacy standards apply to the collection of identifiable demographic data. Importantly, HHS expressly supports health information exchanges (HIEs) being leveraged to facilitate required data collection and reporting.

5 Reasons Why Your Training is Not Preventing HIPAA Violations by Employees

5 Reasons Why Your Training is Not Preventing HIPAA Violations by Employees

A State Court of Appeals recently reinstated a patient’s claim that an Indiana hospital is vicariously liable for the actions of its employee who shared the patient’s confidential information with an unauthorized third party.  Although the lower court originally dismissed the case, the appellate court found that there is a “genuine issue of fact” and remanded the case for further proceedings.  Now a potential monetary settlement teeters on the edge as the hospital’s potential liability for this employee’s HIPAA non-compliance rests in the hands of further proceedings in the lower court – so, you might want to ask why did this happen in the first place?

* HIPAA Training that is too basic and not focused on specific risk areas and organizational policies is not only non-compliant, but also largely ineffective. 

* HIPAA covered entities should have clear policies and training that address specific employee behaviors that are “high risk” for HIPAA violations. 

* Organizations must make sure they are training EVERYONE, and implementing effective Security Reminders.

“To Block, or Not to Block,” that is the question…

“To Block, or Not to Block,” that is the question…

Deciding whether “to block, or not to block” health information based on an exception laid out in ONC’s Final Rule can quickly turn into a Shakespearean tragedy unless Actors understand in advance the specific criteria that must be met in order to satisfy any such applicable exception.

Subscribe & Survive the onslaught of new healthcare regulations requiring updates to affected compliance programs.

Get access to exclusive subscription-only access to resources, tools, industry analysis and other valuable solutions.