Legislation & Rulemaking | Legal Health Information Exchange

AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

by Helen Oscislawski | May 30, 2023 | Data Breach Laws, FTC (Federal Trade Commission), Government Enforcement, Legislation & Rulemaking

After OCR created a Morton’s Fork for hospitals and health systems by publishing its HIPAA Guidance on the Use of Online Tracking Technologies, the American Hospital Association initially stayed out of the fray. Not any more. In its letter dated May 22, 2023, AHA makes its case to HHS as to why OCR’s Online Tracking Guidance should be suspended or amended.

Are We Getting Closer to Alignment of 42 CFR Part 2 & HIPAA?

Are We Getting Closer to Alignment of 42 CFR Part 2 & HIPAA?

by Helen Oscislawski | Nov 29, 2022 | 42 CFR Part 2, HIPAA, Legislation & Rulemaking, Privacy & Consent

SAMHSA finally fulfilled its duty under the CARES Act & releases a Proposed Rule “Confidentiality of Substance Use Disorder (SUD) Patient Records” amending the Part 2 rules in line with the CARES Act’s requirements. This is the 4th overhaul of the Part 2 Rule in 5 years…

Our Stockings are Stuffed with Compliance Tools

Our Stockings are Stuffed with Compliance Tools

by Helen Oscislawski | Dec 23, 2020 | 42 CFR Part 2, GDPR, HIE & HIN, HIPAA, Legislation & Rulemaking

Seasons Greetings to all of our readers! First, we want to wish you and yours a holiday season filled with health, happiness and hope! We also want to thank you all for continuing to make Legal HIE such a popular and highly visited blog! It puts a smile on our face seeing so many of you enjoying our posts and returning to our site often!

As stockings are being hung by chimneys with care, we want to make sure you know that Legal HIE’s stockings are absolutely stuffed to the brim with tremendous tools, sample forms, polices and turn-key solutions that can help your organization stay on top of the most pressing compliance challenges, and ever-changing healthcare regulatory landscape. 2021 promises to be a year with many new and final regulations going into effect, and being released. The Legal HIE compliance library was created specifically for this purpose – to help busy and overwhelmed compliance officers and attorneys keep up with these changes by offering turn-key samples and solutions as a solid starting point.

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

A “Double-Double” Set of Proposed Rules from CMS & OCR Affecting Data Sharing & HIPAA

by Helen Oscislawski | Dec 14, 2020 | CMS Proposed Rule, HIPAA, HIPAA Privacy, Information Blocking, Legislation & Rulemaking

Late last week, two new proposed rules were released which will affect the exchange of health information and HIPAA, among other things. The CMS and OCR proposed rules come in at over 347 and 357 pages respectively – so that’s a lot of meat to digest! At a high level, the CMS Proposed Rule aims to “improve the electronic exchange of health care data among payers, providers, and patients,” and “streamline processes related to prior authorization to reduce burden on providers and patients.” The OCR proposed changes to HIPAA take a bite out of patient access, minimum necessary, the HIPAA NPP and more . . .

CMS Extends Publication Deadline for Stark Law Changes

CMS Extends Publication Deadline for Stark Law Changes

by Krystyna Monticello | Sep 14, 2020 | Anti-Kickback Statute, CMS Proposed Rule, Government Enforcement, Legislation & Rulemaking, OIG Proposed Rule, Other, Stark Law

At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.” Together with the OIG’s counterpart rule, the proposed rules contain the potential for significant modernization of the Stark Law and Anti-kickback Statute as part of the “Regulatory Spring to Coordinated Care” as well as increased alignment and coordination between the two sets of laws.

Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

Big Changes to Big Breaches of Data and Notification Requirements Coming Soon!

by Helen Oscislawski | Aug 21, 2020 | 42 CFR Part 2, Data Breach Laws, Legislation & Rulemaking

Yesterday, the period for public comment on the FTC’s Health Breach Notification Rule closed. The FTC’s Health Breach Notification Rule requires vendors of PHRs and PHR-related entities to notify the FTC if they experience a breach of security involving unsecured health information. Another area of change to Breach Notification is arising out of the CARES Act which was was enacted into law on March 27, 2020 and is making significant changes 42 C.F.R. Part 2. Among other changes that the CARES Act is introducing, it creates an entirely new obligation on Part 2 providers to notify SAMHSA of uses and disclosures of Part 2 data in any manner not authorized under Part 2! To date, 42 CFR Part 2 did NOT include an independent obligation to report or notify any agency (i.e., SAMHSA or HHS) of any use or disclosure of Part 2 information which was in violation of 42 CFR Part 2.

Bill Aimed at Regulating COVID-19 Notification Apps Introduced in the Senate

Bill Aimed at Regulating COVID-19 Notification Apps Introduced in the Senate

by Krystyna Monticello | Jun 5, 2020 | COVID-19, Health IT, Legislation & Rulemaking, Privacy & Consent

The Exposure Notification Privacy Act (“ENPA”) was introduced in the Senate on June 1 in an effort to regulate the growth of contact tracing applications and similar automated notification tracking. The ENPA aims to regulate websites, apps and similar services...

CMS Extends Publication Deadline for Stark Law Changes

Changes on the Horizon for Part 2 Confidentiality Regulations

by Krystyna Monticello | May 22, 2020 | 42 CFR Part 2, HIE & HIN, Legislation & Rulemaking, Privacy & Consent

As part of its comprehensive COVID-19 response, Congress quietly passed through changes to the federal drug and alcohol confidentiality framework known as “Part 2” under the CARES Act, enacted on March 27. One of the more underreported components of the CARES Act, the changes do not completely overhaul the Part 2 regulations, however, they relax several restrictions that health care providers have struggled with, particularly in the electronic exchange and electronic health records (“EHR”) context (the “CARES Act Changes”).

OIG issues Proposed Rule for Civil Monetary Penalties for Information Blocking

OIG issues Proposed Rule for Civil Monetary Penalties for Information Blocking

by Helen Oscislawski | Apr 25, 2020 | Information Blocking, Legislation & Rulemaking

On Friday, April 24th, the Office of Inspector General (OIG) of HHS published a Proposed Rule to amend the civil monetary penalties (CMP) rules to incorporate new authorities for investigating and assessing monetary penalties for Information Blocking violations.

ONC Delays Enforcement of the Information Blocking Certification Provisions of its CURES Act Final Rule for 3 months

ONC Delays Enforcement of the Information Blocking Certification Provisions of its CURES Act Final Rule for 3 months

by Helen Oscislawski | Apr 22, 2020 | Health IT, Information Blocking, Legislation & Rulemaking

Today, ONC announced that it will exercise its discretion in enforcing all new requirements under its Cures Act Final Rule which have compliance dates and time frames until 3 months after each such date identified in the Final Rule. The ONC Final Rule is scheduled to be published on May 1, 2020 in the Federal Register. The ONC has developed an “Enforcement Discretion Dates and Time frames” chart which indicates that the Part 170 Information Blocking provisions will have a compliance Enforcement Discretion Date of February 1, 2021.

Proposed Rules Extend EHR Donation Sunsets for Stark and Anti-Kickback

by Krystyna Monticello | Apr 22, 2013 | Legislation & Rulemaking, Other

Proposed Rules Extend EHR Donation Sunsets for Stark and Anti-Kickback Earlier this month, CMS and OIG proposed amendments to and extension of the temporary Stark exception and Anti-kickback safe harbor for electronic health record (EHR) donations to physicians. The Proposed EHR Rules...

What Do I Need To Do to Comply with the HITECH Omnibus Rule? (the short version, please)

What Do I Need To Do to Comply with the HITECH Omnibus Rule? (the short version, please)

by Helen Oscislawski | Mar 4, 2013 | HIPAA, Legislation & Rulemaking

What Do I Need To Do to Comply with the HITECH Omnibus Rule? (the short version, please) The HITECH Omnibus Rule clocked-in at 563 pages, and we have read, digested and condensed the nuts and bolts for you here in our February 2013 edition of our Health Law Diagnosis newsletter. But if...

FINALLY! HHS Releases the Final HIPAA/HITECH Omnibus Rule.

by Helen Oscislawski | Jan 18, 2013 | HIPAA, Legislation & Rulemaking

FINALLY! HHS Releases the Final HIPAA/HITECH Omnibus Rule. Finally, the long awaited Final Rules are out. The Department of Health and Human Services (HHS) posted the HIPAA/HITECH “Omnibus Rule” on January 17, 2013 at 4:15 pm. You can download a copy here, or go straight to the source...

« Older Entries

Archives

Categories

42 CFR Part 2 (8)
Anti-Kickback Statute (1)
Care Coordination (1)
CMS Proposed Rule (2)
COVID-19 (14)
Data Breach Laws (24)
FTC (Federal Trade Commission) (3)
GDPR (2)
Government Enforcement (46)
Health IT (27)
HIE & HIN (45)
HIPAA (67)
- Business Associates (2)
- HIPAA Breach Notification (1)
- HIPAA Privacy (11)
- HIPAA Security (6)
Information Blocking (30)
Lawsuits (28)
Legislation & Rulemaking (29)
Meaningful Use & Quality Payment Program (39)
OIG Proposed Rule (1)
Other (17)
Privacy & Consent (44)
Research (1)
Security & Cybersecurity (5)
Stark Law (1)
Telehealth/Telemedicine (2)
Tools & Resources (5)
Webinars & Education (10)