Our Stockings are Stuffed with Compliance Tools

Our Stockings are Stuffed with Compliance Tools

by | Dec 23, 2020 | , , , ,

Seasons Greetings to all of our readers!  First, we want to wish you and yours a holiday season filled with health, happiness and hope!  We also want to thank you all for continuing to make Legal HIE such a popular and highly visited blog!  It puts a smile on our face seeing so many of you enjoying our posts and returning to our site often!  

As stockings are being hung by chimneys with care, we want to make sure you know that Legal HIE’s stockings are absolutely stuffed to the brim with tremendous tools, sample forms, polices and turn-key solutions that can help your organization stay on top of the most pressing compliance challenges, and ever-changing healthcare regulatory landscape. 2021 promises to be a year with many new and final regulations going into effect, and being released. The Legal HIE compliance library was created specifically for this purpose – to help busy and overwhelmed compliance officers and attorneys keep up with these changes by offering turn-key samples and solutions as a solid starting point.

read more
OCR Publishes New Guidance on Sharing PHI through HIEs for Public Health Purposes

OCR Publishes New Guidance on Sharing PHI through HIEs for Public Health Purposes

by | Dec 21, 2020 | , ,

Last Friday, the Office for Civil Rights (OCR) issued new Guidance on how HIPAA permits covered entities and their business associates to use health information exchanges (HIEs) to disclose PHI for the public health activities of a Public Health Authority (PHA).  Specifically, it provides examples relevant to the COVID-19 public health emergency. OCR Director, Roger Severino, specifically notes that the Guidance was issued:

“to highlight how HIPAA supports the use of health information exchanges in sharing health data to improve the public’s health, particularly during the COVID-19 public health emergency.”.

Although much of the Guidance document simply reiterates the controlling HIPAA Privacy Rule provisions and definitions which have always afforded a mechanism through which covered entities (CE) and their contracted business associates (BA) can share ePHI with a public health authority for public health purposes, there are a few notable new take-away nuggets.

read more
A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

by | Dec 14, 2020 | , , , ,

Late last week, two new proposed rules were released which will affect the exchange of health information and HIPAA, among other things.  The CMS and OCR proposed rules come in at over 347 and 357 pages respectively – so that’s a lot of meat to digest!  At a high level, the CMS Proposed Rule aims to “improve the electronic exchange of health care data among payers, providers, and patients,” and “streamline processes related to prior authorization to reduce burden on providers and patients.” The OCR proposed changes to HIPAA take a bite out of patient access, minimum necessary, the HIPAA NPP and more . . .

read more
ONC Releases Answers to Frequently Asked Questions to Information Blocking

ONC Releases Answers to Frequently Asked Questions to Information Blocking

by | Nov 4, 2020 | ,

On Monday, ONC posted a new Information Blocking Frequently Asked Questions resource!  Here are a few of the highlights from all of the FAQs responded to by ONC:

Q:  Are health plans or other payers subject to the information blocking regulation?

Q: For the period of time when Information Blocking is limited to USCDI data, how is an Actor expected to fulfill a request for USCDI data if they do not yet have certified health IT in place that includes an API with the USCDI standard?

Q: Is an Actor required to fulfill a request for access, exchange or use of EHI with all the EHI they have for a patient or should the amount of EHI be based on the details of the request?

read more
Halloween Treat! HHS Delays Information Blocking Compliance Deadline to April 5, 2021!

Halloween Treat! HHS Delays Information Blocking Compliance Deadline to April 5, 2021!

by | Oct 28, 2020 |

Interim Final Rule with Comment Period Responds to COVID-19 Pandemic. Responding to public health threats posed by the coronavirus pandemic, today the U.S. Department of Health and Human Services’ (HHS) Office of the National Coordinator for Health IT (ONC) released an interim final rule with comment period that extends the compliance dates and timeframes necessary to meet certain requirements related to information blocking and Conditions and Maintenance of Certification (CoC/MoC) requirements.

read more
Who is on the “Hook” for Information Blocking?

Who is on the “Hook” for Information Blocking?

by | Oct 21, 2020 | ,

ONC’s final rule on Information Blocking implements the 21st Century Cures Act and fleshes out what is and is not a prohibited information blocking practice.  However, not all health care organizations and their vendors are on the hook for complying with this new regulation. In my post today, I want to drill down on the scope of health care providers that must comply with the Information Blocking Rule.

read more
Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

Per ONC, Lab Results Generally Cannot be Delayed to “Prevent Harm” (unless threat to life & physical safety)

by | Oct 8, 2020 | ,

As the November 2nd deadline for compliance with ONC’s Information Blocking Rule nears, many health care providers – which are “Actors” subject to the Rule – are scrambling to reexamine their default settings for sharing various types of data, including lab results. In ONC’s Final Rule preamble, several commenters indicated that providers’ current organizational policies call for practices that delay the release of laboratory results so that the patient’s clinician has an opportunity to review the results before potentially needing to respond to patient questions, or has an opportunity to communicate the results to the patient in a way that builds the clinician-patient relationship.

read more
Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

Info Blocking Rules have you STRESSED?!! Join Helen O. for Two Not-to-Miss Workshops for Help!

by | Sep 23, 2020 | , , , ,

Join me for a pair of 1.5hr Information Blocking Workshops designed to work thorough the nitty-gritty details of the Information Blocking Rule.  The first Workshop will take place WEDNESDAY (9/30) so don’t delay! Workshops will include use cases and scenarios aimed at real challenges faced by health care providers looking to comply with these new regulatory standards for access and sharing of electronic health information. Registrants will receive 2 sample P&Ps, and much more!

read more
OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

by | Sep 16, 2020 | , ,

Yesterday, all at once, OCR announced that it has entered into five new Resolution Agreements — each of them stemming from one or more violations of HIPAA’s right of  access afforded to individuals. There are several interesting observations about these new cases that are worth taking note of.

read more
Join Seton Hall Law & Helen Oscislawski & Other Esteemed Speakers on September 17th for Panel Discussions on Balancing Privacy and Public Health in a COVID-19 World

Join Seton Hall Law & Helen Oscislawski & Other Esteemed Speakers on September 17th for Panel Discussions on Balancing Privacy and Public Health in a COVID-19 World

by | Sep 11, 2020 | , ,

Seton Hall Law’s Institute for Privacy Protection and Gibbons Institute of Law, Science & Technology is hosting a Virtual Event on September 17th with legal academics, practitioners, and government officials who will evaluate the impact of the COVID-19 pandemic on privacy and intellectual property. Panel One speakers will discuss balancing privacy & public health; Panel Two will discuss Intellectual Property – incentives to access to vaccines & treatments.

read more
OCR Puts the Summer HIPAA Heat on Two Organizations with New Resolution Agreements

OCR Puts the Summer HIPAA Heat on Two Organizations with New Resolution Agreements

by | Sep 4, 2020 | ,

After over almost four months of no new HIPAA Resolution Agreements or Civil Money Penalties, OCR quietly posted two new HIPAA settlement agreements at the end of July.  At first glance, both appear to be “run-of-the-mill” cases with nothing much new to learn with the first one resulting in OCR finding that the covered entity failed to even complete a basic Security Risk Analysis and training of workforce, and the other involving – yes, yet again – a stolen unencrypted laptop.  However, the second case in particular deserves closer examination where it has embedded in it more complex corporate structure and liability issues where it actually involved two legally separate covered entities that elected to designated themselves as a single covered entity for purposes of HIPAA.  Let’s look at each case separately.

read more
Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

by | Aug 21, 2020 | , ,

Yesterday, the period for public comment on the FTC’s Health Breach Notification Rule closed.  The FTC’s Health Breach Notification Rule requires vendors of PHRs and PHR-related entities to notify the FTC if they experience a breach of security involving unsecured health information. Another area of change to Breach Notification is arising out of the CARES Act which was was enacted into law on March 27, 2020 and is making significant changes 42 C.F.R. Part 2.  Among other changes that the CARES Act is introducing, it creates an entirely new obligation on Part 2 providers to notify SAMHSA of uses and disclosures of Part 2 data in any manner not authorized under Part 2!  To date, 42 CFR Part 2 did NOT include an independent obligation to report or notify any agency (i.e., SAMHSA or HHS) of any use or disclosure of Part 2 information which was in violation of 42 CFR  Part 2.

read more
ONC Just Announced a New HIE Funding Opportunity for HIE Services Benefiting Public Health & COVID-19

ONC Just Announced a New HIE Funding Opportunity for HIE Services Benefiting Public Health & COVID-19

by | Aug 12, 2020 | ,

The award will allocate $2.5M to fund up to 5 awards (in the amount of up to $500K EACH) with a period of performance of up to 2 years in the form of cooperative agreements with funding contingent upon availability of funds, satisfactory completion of milestones, and a determination that continued funding is in the best interest of the federal government and the public. SHORT TURN AROUND! Deadline is September 1, 2020 to get Applications in.

read more
Looks Like the FTC Is Ramping up for Enforcement of Health Apps

Looks Like the FTC Is Ramping up for Enforcement of Health Apps

by | Jul 24, 2020 | , ,

This past Tuesday the FTC hosted its 5th annual PrivacyCon. It was a GREAT event!  The full-day event covered a wide-range of cutting edge and titillating issues concerning the privacy of data in this day and age of rapidly accelerating technology.  However, it was the morning session which covered Health Apps that interested me the most. In his opening remarks, the Director of FTC’s Bureau of Consumer Protection, Andrew Smith, came out-of-the-gate pointing out that earlier this year HHS issued rules that will make it easier for consumers to access their medical records through the app of their choice, and while this expanded access to health information can be an enormous benefit to consumers – wherever data flow opportunities increase, the opportunities for data compromise increase as well. Director Smith concluded his opening remarks by stating “We at the FTC will not hesitate to take action when companies misrepresent what they are doing with consumers’ health information or otherwise put health data at undue risk . . .” Here is what I learned from the four-person panel of experts who discussed the ins-and-outs of Health Apps and potential direction of the FTC will take with enforcement.

read more
Don’t Wait to Understand How “FHIR” Will Transform Health Information Exchange, or You’ll Feel the Heat When it Ignites!

Don’t Wait to Understand How “FHIR” Will Transform Health Information Exchange, or You’ll Feel the Heat When it Ignites!

by | Jul 14, 2020 | , ,

CMS & ONC have promulgated their Final Rules to implement the 21st Century Cures Act. A main goal is to accelerate the access, exchange and use of electronic health information (EHI).  One way this is being accomplished is to require certain entities and actors to provide Application Programming Interfaces (APIs) that use a new standard for data access and exchange called Fast Healthcare Interoperability Resources (aka “FHIR”).  These new standards for adopting FHIR for information exchange is expected to exponentially accelerate individuals ability to access and share EHI through mobile apps, as well as allow any third-party adopting such FHIR standards to obtain access to such EHI. Especially for HIPAA Privacy Officers, Security Officers, Compliance Officers and attorneys who have for years focused on ensuring that their organizations do not make the mistake of releasing protected health information to a third-party in violation of federal or state privacy and security laws, I feel your pain on FHIR! 

read more