Fraud and Abuse and Other Regulatory Guidance

  • Draft guidance documents propose a framework for clinical and patient decision software and explain policy changes driven by 21st Century Cures Act
  • Final guidance document adopts International Medical Device Regulators Forum principles for addressing “clinical evaluation” of Software as Medical Device
  • Public Workshop (January 2018) will discuss progress of pilot precertification program

The FDA’s December 8 announcement of the availability of three new guidance documents, and of a public workshop to be held in January 2018, demonstrates the agency’s commitment to prioritizing the development of digital health software policy. As we previously reported here, Commissioner Gottlieb made it the subject of his first public statement and shortly afterward led the FDA’s rollout of a framework – the Digital Health Innovation Action Plan – for ensuring that its policies enable innovators to efficiently deliver safe and effective digital health technologies to patients and consumers. The publication of these documents and announcement of the workshop fulfill a few of the ambitious promises contained in the agency’s Action Plan.

Continue Reading Regulating at the Speed of Digital: FDA Implementation of Key Aspects of Digital Health Innovation Action Plan Progressing Quickly

Last week, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) released new guidance related to the sharing of mental health, behavioral health, and substance abuse disorder treatment information. The guidance focuses on how such information may be shared with the patient’s family and other caregivers under the Health Insurance Portability and Accountability Act (HIPAA) and 42 C.F.R. Part 2 (the regulations governing the use and disclosure of substance abuse treatment records) in various scenarios.

The guidance includes both fact sheets and decision-trees and highlights several scenarios related to caregiver relationships, such as parents of teenage or adult children with mental health or substance abuse issues, parents serving as “personal representatives,” when parents can access minor children’s mental health information, and how to access treatment information about a loved one. The guidance additionally touches on opioid addiction, which is a key focus under the Trump Administration. Within its corresponding press release, HHS reported that it will work to develop model training programs and materials for healthcare providers, patients, and their families pertaining to permitted uses and disclosures of mental and behavioral health information.

Venable’s Healthcare team has significant experience in health information privacy and security and will address any additional questions pertaining to the above. Please contact any of the authors if you have any questions.

*Originally published August 23, 2016 by AHLA

On May 18, finalized regulations were published implementing nondiscrimination requirements set forth in Section 1557 of the Affordable Care Act (ACA).

What Is Section 1557?

Section 1557 is the nondiscrimination law set forth in the ACA. It prohibits covered entities from discriminating on the basis of race, color, national origin, sex (which includes gender identity), age, or disability in health programs and activities.


Covered entities are entities that provide or administer health-related services or insurance coverage and receive “federal financial assistance.” Federal financial assistance includes Medicare, Children’s Health Insurance Program and Medicaid, meaningful use payments, U.S. Department of Health and Human Services (HHS) grants, Centers for Medicare & Medicaid Services gain-sharing demonstration projects, federal premium and cost-sharing subsidies, etc.  Continue Reading What Hospitals and Other Providers Need to Know About New Federal Non-Discrimination Rules

The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) has taken its first enforcement action against a business associate. On June 30, 2016, OCR announced that it entered into a resolution agreement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) to settle potential HIPAA violations stemming from the theft of an employee’s company-issued cell phone that contained the particularly sensitive protected health information (PHI) of 412 nursing home residents. CHCS is a nonprofit organization that, at the time of the theft, provided management and information technology services to six nursing homes in the Philadelphia region, in addition to its other services for the benefit of the elderly, developmentally disabled individuals, young adults aging out of foster care, and individuals living with HIV/AIDS. As part of the settlement, CHCS is required to pay a resolution amount of $650,000. This announcement comes nearly three years after OCR was vested with direct enforcement authority over business associates.

Continue Reading Three Years in the Making: OCR Takes Its First HIPAA Enforcement Action Against a Business Associate