Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Antidotes for America’s Addiction Crisis

Posted in Fraud and Abuse, OIG Fraud Alert, Prescription Drugs and Medical Devices, Trends

Opioid addiction and abuse has exploded into a national epidemic. Every three weeks, America faces a death toll equivalent to the September 11th attacks due to drug overdoses, 75 percent of which are from opioid use. With more Americans dying each year from drug overdoses than gun violence and car crashes combined, the issue has been catapulted to the forefront of national policy. According to the Centers for Disease Control and Prevention (CDC), one of the biggest sources of opioid addiction has been the extensive use of opioid painkillers in clinical treatment. A recent report from the CDC found that enough opioids were prescribed in 2015 “for every American to be medicated around the clock for 3 weeks.” Therefore, the government and public health policy makers have looked for ways of reducing the use of opioids in clinical care to diminish increases in addiction. Continue Reading

The Doctor Is In – or Better Be, to Satisfy PA’s New Informed Consent Requirements

Posted in Compliance Issues, Medical Records, News from the Health Law Gurus, Pennsylvania, Physician Practice Models

With the increased presence of qualified staff members in a physician’s office and the constant time-pressure on physicians, many patients rely heavily on individuals other than the physician to answer questions about medications, procedures, and treatment plans. Physicians, in turn, lean heavily on qualified staff members to ensure patients have access to adequate information and to foster the provision of high quality and cost-effective care. However, a ruling by the Supreme Court of Pennsylvania last week has greatly altered the practice of obtaining informed consent in Pennsylvania. As of June 20, 2017, physicians are now required to personally obtain informed consent from patients and to answer patients’ questions themselves. Continue Reading

Anchors Away! Physical Therapists Rejoice (and Book a Tropical Getaway) as CMS Extends Locum Tenens Arrangements

Posted in Legislation, Medicare, News from the Health Law Gurus, Regulations, Trends

Even doctors get sick sometimes, or need to take a vacation, and when they do, patients are not seen and billing does not happen. Cue locum tenens – a system used by providers to ensure continuity of care and revenue when providers need to complete continuing medical education requirements or take time off for vacations or medical or maternity leave. Continue Reading

Organizations Want to Cry After WannaCry Ransomware Attacks

Posted in Cybersecurity, HIPAA, HITECH, Privacy, Security, Trends

Earlier this month a massive ransomware attack spread throughout 150 countries, infecting 300,000 computers and crippling businesses across the globe. The ransomware, called “Wannacry,” infiltrated a variety of institutions, encrypting the user’s files and demanding payment of $300-$600 in bitcoin to unfreeze files. Hundreds of hospitals and health clinics in the British National Health Service were infiltrated by the WannaCry ransomware. As a result, the National Health Service was required to reroute patients and reschedule surgeries and appointments while its files were encrypted. As evidenced by the WannaCry attack and the increasing frequency of ransomware attacks, particularly ransomware attacks targeting hospitals, health care entities need to be vigilant regarding the secure storage of patient information, and proactive to ensure patient continuity of care in case of a ransomware attack. Continue Reading

Securing ePHI in a Mobile Health World

Posted in HIPAA, Privacy, Security, Technology, Telemedicine

Could a lost cell phone or laptop cost your organization millions of dollars?

Mobile devices have enabled vast improvements in the efficiency and quality of healthcare delivery. Through the use of mobile devices, patients and providers can access real-time information that can lead to better health outcomes through improving medication compliance and understanding of treatment instructions, increasing access to care through telehealth and remote care functionalities, and enhancing the quality of physician-patient interactions. Additionally, the ability to collect and track data regarding health outcomes and deviations has enormous benefits for population health research. However, the proliferation of mobile devices in the healthcare space can create issues under the Health Information Portability and Accountability Act (HIPAA). Mobile devices can lead to patient privacy issues and can raise numerous concerns over whether covered entities have sufficient safeguards in place to secure patient protected health information (PHI). Continue Reading

BEWARE OF THE MAN-IN-THE-MIDDLE: Malicious Eavesdroppers on the Internet

Posted in Compliance Issues, Cybersecurity, Privacy, Security, Technology

Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third party, Evan Eavesdropper, who publishes the PHI on the internet.  Evan Eavesdropper also decides to alter the PHI in the email before sending the email on to the clinic.  When the clinic receives the email with the altered PHI, the clinic thinks that Patty Patient is not a good candidate for its treatment program and emails its conclusions back to Dr. Primary.  Evan Eavesdropper gleefully changes this email and accepts Patty Patient into the clinic’s treatment program.  Patty Patient arrives at the clinic and finds there is no place for her in the treatment program. Continue Reading

Medical Marijuana Act Clouds the Rights of Employers to Establish and Enforce Marijuana Policies

Posted in Medical Marijuana

Pennsylvania’s recently passed Medical Marijuana Act (MMA) has left employers dazed and confused about whether they may continue to enforce zero tolerance drug policies. The MMA, which provides qualifying patients with access to medical marijuana through a safe and effective delivery method, is intended to balance patient need for access with patient safety. However, balancing these interests is not always an easy task, especially because marijuana remains an illegal substance under the Federal Controlled Substances Act. The attempt to balance patient access and safety, and the juxtaposition between state and federal law, can put employers in a sticky situation, particularly when it comes to establishing and enforcing zero tolerance drug policies. Continue Reading

CMS Grants Eleventh Hour Extension for Attesting to Meaningful Use

Posted in EHR, Meaningful Use

Doctor using digital tablet on gray background

Providers participating in the Medicare Electronic Health Record (EHR) Incentive Program now have an additional thirteen days to register and attest to meeting the meaningful use requirements for 2016. The Centers for Medicare & Medicaid Services has extended the reporting deadline until March 13, 2017, at 11:59 p.m. ET. This extension is intended to allow providers additional time to attest to the 2016 program requirements and avoid a 2018 payment adjustment. Continue Reading

Time is of the Essence When Reporting a Breach of PHI

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security

The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars.

Earlier this month, Presence Health agreed to pay $475,000 and enter into a corrective action plan (CAP) with the Office for Civil Rights (OCR) based upon its failure to timely report a data breach in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and HIPAA’s Breach Notification Rule. Continue Reading

20 Years of HIPAA – Where We’ve Been and Where We’re Going

Posted in Guest Contributor, HIPAA, Privacy, Security
Marie Turnbull Director, Client Relations

Marie Turnbull
Director, Client Relations

On August 21, 1996, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was signed into law by President Bill Clinton. The original purpose of the Act, which amended the Internal Revenue Code of 1986, was to improve the portability and continuity of health insurance coverage, combat waste, fraud, and abuse, promote the use of medical savings accounts, improve access to long-term care services, and simplify the administration of health insurance.

At the time, there were no such things as electronic medical records (EMR), electronic Health Information Exchange (HIE), Covered Entities or Business Associates. Healthcare administration and patient privacy was complicated by varying rules and regulations across states, and a lack of uniformity at the federal level. Experts recognized the need to standardize regulations, better protect patient privacy and allow employees to retain health coverage when leaving their jobs. They also recognized the increased use of technology, and foresaw its coming impact on the healthcare industry. Continue Reading