Search Publications:
Health Law Alert
2012: Issue 1 – Focus on HIPAA/Privacy
Uncertainty Regarding eRx Hardship Exemption Requests to Continue in 2012
By: Joshua J. Freemire and James B. Wieland
2012 will not, unfortunately, bring certainty to the many providers who submitted hardship exemption requests for the electronic prescribing incentive program (commonly called “eRx”). Although the deadline for submissions for hardship exemptions was extended (as is further described in our bulletin), recent emailed notices from CMS indicate that the overwhelming number of requests will prevent notices from being sent to providers regarding the status of their exemptions. Accordingly, many providers will spend at least part of 2012 uncertain whether they are or are not being penalized 1 percent of their 2012 Part B fees for their failure to become “successful electronic prescribers.”
Click to continue...Is Your Research Data Safe? Aligning HIPAA and the Common Rule
By: Sarah E. Swank
Last summer, the United States Department of Health and Human Services (HHS) sought comments on potential revisions to the Common Rule [PDF] after over two decades of virtually no change. In the advanced notice of proposed rule making [PDF] related to the Common Rule, HHS sought to address concerns about institutional review boards’ (IRBs) review of informational risk, or those risks related to unauthorized release of research subject data, with the goal of balancing the protection provided by IRBs to human subjects with the progression of research. HHS looked to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its privacy and security standards as a potential framework to ensure these protections. In addition, HHS focused on the heightened risk in areas such as genetic research and sought feedback on future use biospecimens (such as tissue) and consent requirements.
Click to continue...HIPAA Considerations in Evaluating Cloud Computing
By: Joshua J. Freemire and James B. Wieland
Cloud computing is a hot topic in business (including the health care business) due in large measure to the potential cost savings involved. Health care providers, however, have to consider more than just cost savings. At base, cloud computing is not a new concept and the HIPAA security risks it poses are not new. However, the risks arise in a new context. Providers interested in cloud computing will need to familiarize themselves with the new technological environment to best address the risks and formulate appropriate agreements and compliance structures.
Click to continue...California (and Texas) Increase Privacy Requirements
By: Joshua J. Freemire and James B. Wieland
In 2012, new statutes in California and Texas will require that providers make state-specific changes to their existing privacy compliance procedures. The changes made in California are detailed below. Texas’s new law is addressed in "Texas (and California) Increase Privacy Requirements."
California’s Senate Bill 24 (SB 24), which took effect on January 1, 2012, makes substantial modifications to sections 1798.29 and 1798.82 of the Civil Code, two of the state’s several data breach notification laws. Section 1798.82 applies to any person or business that conducts business in California, and in effect appears to serve as the state’s “floor” provision, applying certain data breach reporting responsibilities to essentially every entity doing business in the state. In addition, under existing California law, certain licensed health care providers are subject to separate, additional breach notification law – Health & Safety Code § 1280.15, for example, which imposes additional specific obligations (including a five-day disclosure deadline) on the specifically identified entity types. SB 24 makes no changes to these existing requirements.
Click to continue...Texas (and California) Increase Privacy Requirements
By: Joshua J. Freemire and James B. Wieland
By now, most providers are well aware that national privacy and security obligations exist on at least two levels. Federal statutes and regulations get the most publicity and dominate most providers’ compliance programs, but state obligations often exist in addition to the more familiar federal structure of HIPAA and HITECH. Providers who do business in multiple jurisdictions must remain vigilant for changes in these state laws, which often require compliance responses unique to the state at issue, particularly in terms of timing, content and basis for notices to individuals that their personal information has been disclosed improperly. In 2012, new statutes in Texas and California will require precisely this sort of state-specific updating to existing compliance programs and procedures. The changes made in Texas are described below. An analysis of California’s new law is available in "California (and Texas) Increase Privacy Requirements."
Click to continue...Getting Paid Faster and Easier: New HIPAA Electronic Transfer Standards Rule
By: Sarah E. Swank
The Affordable Care Act (ACA), as part of its cost containment efforts, empowered the Secretary of the Department of Health and Human Services (HHS) to adopt electronic transfer standards in an interim final rule with comment period amending the Health Insurance Portability and Accountability Act of 1996 (HIPAA) electronic transaction standards. HHS did so on January 10, 2012, in a new final interim rule entitled Adoption of Health Standards For Health Care Electronic Funds Transfer and Remittance Advice. The ACA This final interim rule is slated to save hospitals and physicians time and money on billing matters, allowing them to focus on delivery of quality care to patients. Comments are due March 12, 2012. The rule went into effect on January 10, 2012 and health plans covered by HIPAA must comply by January 1, 2014.
Click to continue...
