Legal HIE has Relaunched with a NEW Membership Subscription Option!
Welcome (or, to some, “welcome back”) to Legal...
OIG issues Proposed Rule for Civil Monetary Penalties for Information Blocking
On Friday, April 24th, the Office of Inspector General (OIG) of HHS published a Proposed Rule to amend the civil monetary penalties (CMP) rules to incorporate new authorities for investigating and assessing monetary penalties for Information Blocking violations.
ONC Delays Enforcement of the Information Blocking Certification Provisions of its CURES Act Final Rule for 3 months
Today, ONC announced that it will exercise its discretion in enforcing all new requirements under its Cures Act Final Rule which have compliance dates and time frames until 3 months after each such date identified in the Final Rule. The ONC Final Rule is scheduled to be published on May 1, 2020 in the Federal Register. The ONC has developed an “Enforcement Discretion Dates and Time frames” chart which indicates that the Part 170 Information Blocking provisions will have a compliance Enforcement Discretion Date of February 1, 2021.
Summary List of COVID19-related Federal Actions Relevant to Healthcare
As efforts at the federal and individual states level evolve every day at almost a breakneck pace to address challenges and needs related to the COVID-19 outbreak, here is a running list of some of the top actions taken at the federal level that we thought would be helpful to the healthcare industry (Caveat, this is not an exhaustive list): [updated: July, 28, 2021]
HHS Notification of Enforcement Discretion Regarding COVID-19 Community Based Testing sites
On April 9th, HHS announced a new Notification...
Do I Need a HIPAA Business Associate Agreement?
A HIPAA “Business Associate” is a person, other than a member of the workforce, who creates, receives, maintains or transmits PHI in the performance of services or functions for or on behalf of a Covered Entity. Treatment and Payment disclosures do NOT create a HIPAA BA relationship. Conduits are not HIPAA BAs, but the exception is very narrow. Covered Entities should review each HIPAA BA Agreement is needed, or not.
OCR Permits HIPAA BAs to Share COVID19-related PHI Directly for Public Health and Oversight
On April 2nd, HHS announced a new “Notification...
NJ Expands Access to Telehealth & Tele-Mental Health
Last night, the State of New Jersey announced...
HIPAA Relaxed during COVID-19 Pandemic
The events unfolding with respect to COVID-19...
OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI
Yesterday, all at once, OCR announced that it has entered into five new Resolution Agreements — each of them stemming from one or more violations of HIPAA’s right of access afforded to individuals. There are several interesting observations about these new cases that are worth taking note of.
CMS Extends Publication Deadline for Stark Law Changes
At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.” Together with the OIG’s counterpart rule, the proposed rules contain the potential for significant modernization of the Stark Law and Anti-kickback Statute as part of the “Regulatory Spring to Coordinated Care” as well as increased alignment and coordination between the two sets of laws.
Join Seton Hall Law & Helen Oscislawski & Other Esteemed Speakers on September 17th for Panel Discussions on Balancing Privacy and Public Health in a COVID-19 World
Seton Hall Law’s Institute for Privacy Protection and Gibbons Institute of Law, Science & Technology is hosting a Virtual Event on September 17th with legal academics, practitioners, and government officials who will evaluate the impact of the COVID-19 pandemic on privacy and intellectual property. Panel One speakers will discuss balancing privacy & public health; Panel Two will discuss Intellectual Property – incentives to access to vaccines & treatments.
OCR Puts the Summer HIPAA Heat on Two Organizations with New Resolution Agreements
After over almost four months of no new HIPAA Resolution Agreements or Civil Money Penalties, OCR quietly posted two new HIPAA settlement agreements at the end of July. At first glance, both appear to be “run-of-the-mill” cases with nothing much new to learn with the first one resulting in OCR finding that the covered entity failed to even complete a basic Security Risk Analysis and training of workforce, and the other involving – yes, yet again – a stolen unencrypted laptop. However, the second case in particular deserves closer examination where it has embedded in it more complex corporate structure and liability issues where it actually involved two legally separate covered entities that elected to designated themselves as a single covered entity for purposes of HIPAA. Let’s look at each case separately.
Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!
Yesterday, the period for public comment on the FTC’s Health Breach Notification Rule closed. The FTC’s Health Breach Notification Rule requires vendors of PHRs and PHR-related entities to notify the FTC if they experience a breach of security involving unsecured health information. Another area of change to Breach Notification is arising out of the CARES Act which was was enacted into law on March 27, 2020 and is making significant changes 42 C.F.R. Part 2. Among other changes that the CARES Act is introducing, it creates an entirely new obligation on Part 2 providers to notify SAMHSA of uses and disclosures of Part 2 data in any manner not authorized under Part 2! To date, 42 CFR Part 2 did NOT include an independent obligation to report or notify any agency (i.e., SAMHSA or HHS) of any use or disclosure of Part 2 information which was in violation of 42 CFR Part 2.
ONC Just Announced a New HIE Funding Opportunity for HIE Services Benefiting Public Health & COVID-19
The award will allocate $2.5M to fund up to 5 awards (in the amount of up to $500K EACH) with a period of performance of up to 2 years in the form of cooperative agreements with funding contingent upon availability of funds, satisfactory completion of milestones, and a determination that continued funding is in the best interest of the federal government and the public. SHORT TURN AROUND! Deadline is September 1, 2020 to get Applications in.
Subscribe & Survive the onslaught of new healthcare regulations requiring updates to affected compliance programs.
Get access to exclusive subscription-only access to resources, tools, industry analysis and other valuable solutions.