The Office for Civil Rights (“OCR”) within the U.S. Department of Health and Human Services, the federal agency that enforces the HIPAA Privacy, Security, and Breach Notification Rules, recently released its preliminary results for Covered Entities participating in its Phase 2 HIPAA compliance audit program.  Overall, the audit shows significant compliance gaps for the entities audited.

While the Phase 2 audits examined Covered Entities and Business Associates, the preliminary results are limited to the 166 audited Covered Entities.  The audits of Business Associates, 41 in total, are still in process.  The vast majority of Covered Entities audited (90%) were healthcare providers and the rest were health plans or healthcare clearinghouses.

The 166 Covered Entities surveyed were broken up into two groups.  There were 103 Covered Entities reviewed for privacy and breach notice compliance and another 63 assessed on security compliance efforts.


No two health care companies are alike, but many face similar challenges when managing their data risk. Many of these challenges arise due to the competing desires with which every modern organization now struggles—one between innovation and growth on the one hand and compliance and legal risk on the other.

Specifically, the following five issues are top of mind:

  1. The tension between data growth and analytics and data minimization;
  2. Handling connected devices and mobile apps;
  3. Creating effective cross-functional privacy and security teams;
  4. The data implications of acquisitions; and
  5. Effective and tiered vendor management.

We discuss these issues and offer practical guidance on each.


Last week, Senators Lindsey Graham of South Carolina and Bill Cassidy of Louisiana (with their co-sponsors, Senators Dean Heller (R-NV) and Ron Johnson (R-WI)) released the “Graham-Cassidy-Heller-Johnson Amendment” (“Graham-Cassidy bill”), which, if passed, would have repealed major sections of the Patient Protection and Affordable Care Act (ACA).

Specifically, the bill would have repealed the ACA’s individual and employer mandates, ended the Medicaid expansion in 2020, replaced the ACA’s subsidy program with state block grants (which would have allowed states to decide how their healthcare system would operate), weakened pre-existing condition protections, and defunded Planned Parenthood.


*Originally published August 23, 2016 by AHLA

On May 18, finalized regulations were published implementing nondiscrimination requirements set forth in Section 1557 of the Affordable Care Act (ACA).

What Is Section 1557?

Section 1557 is the nondiscrimination law set forth in the ACA. It prohibits covered entities from discriminating on the basis of race, color, national origin, sex (which includes gender identity), age, or disability in health programs and activities.

Applicability?

Covered entities are entities that provide or administer health-related services or insurance coverage and receive “federal financial assistance.” Federal financial assistance includes Medicare, Children’s Health Insurance Program and Medicaid, meaningful use payments, U.S. Department of Health and Human Services (HHS) grants, Centers for Medicare & Medicaid Services gain-sharing demonstration projects, federal premium and cost-sharing subsidies, etc.

The fast-growing field of digital health is transforming healthcare by bringing together digital communications technology, electronic health information, electronic prescribing, connected medical devices, and telehealth. These technologies are being deployed by healthcare entities ranging from small health tech startups to large, established hospital systems, medical device companies, and other traditional healthcare companies. Telehealth systems are already in use for applications as varied as direct-to-consumer urgent care and remote provider-to-provider consultations for treatment of complex conditions such as strokes or rare genetic diseases. With these exciting new developments comes a new set of regulatory challenges and concerns for companies in the space. This alert provides a brief overview of some of the laws and regulations that may apply to health companies engaging in digital health.


  • Opens application process and public comment period for precertification pilot program
  • Nine companies to be chosen by September 1, 2017

Last June, FDA Commissioner Scott Gottlieb made his first public statement as Commissioner by announcing the imminent rollout of a new “Digital Health Innovation Plan.” This statement signaled his intent to prioritize the agency’s efforts to create – and clearly articulate – a regulatory regime that promises to “help innovators navigate a new, modern regulatory process” that will efficiently enable the delivery of safe and effective digital health technologies to patients and consumers.

On July 28, FDA formally rolled out its Digital Health Innovation Action Plan, along with a process for companies to apply to participate in one key component: the Software Precertification Pilot Program. The Action Plan describes several concrete deliverables that the agency plans to complete by the first quarter of 2018 to put a “reimagined” regulatory regime for digital health technologies in place. This will include:


Senate Republicans have released several bills in recent weeks in support of their goal of repealing and replacing the Affordable Care Act (ACA). This morning, that effort appears to have failed.

On Tuesday, the Senate narrowly approved a motion to proceed, allowing the chamber to begin consideration of measures to achieve that goal. Republican Senators Susan Collins of Maine and Lisa Murkowski of Alaska voted with the Democrats against the motion, but Vice President Mike Pence broke the resulting 50-50 tie. That vote allowed debate to move forward on a range of healthcare legislative options.

The next step for proponents of the repeal effort was to agree on what, if anything, would replace the ACA. Three options were considered, and all were voted down:


Senate Republicans have released several bills in recent weeks in support of their goal of repealing and replacing the Affordable Care Act (“ACA”). This afternoon, the Senate narrowly approved a procedural step that allows the chamber to begin consideration of measures to achieve that goal. Republican Senators Susan Collins of Maine and Lisa Murkowski of Alaska voted with the Democrats against the motion to proceed and Vice President Mike Pence broke the resulting 50-50 tie.

Today’s vote allows debate to move forward on a range of healthcare legislative options. The next step for proponents of the repeal effort is to agree on what, if anything, will replace the ACA. It remains to be seen if any of the legislative proposals (including straight repeal with no immediate proposal to replace) put forward so far will be able to draw enough votes to pass the closely divided Senate. One possibility may be a “skinny repeal” bill limited to repealing the individual mandate, employer mandate, and medical device tax. If passed, this bill could be approved by the House as-is, but would more likely move to conference with the House.

The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) has taken its first enforcement action against a business associate. On June 30, 2016, OCR announced that it entered into a resolution agreement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) to settle potential HIPAA violations stemming from the theft of an employee’s company-issued cell phone that contained the particularly sensitive protected health information (PHI) of 412 nursing home residents. CHCS is a nonprofit organization that, at the time of the theft, provided management and information technology services to six nursing homes in the Philadelphia region, in addition to its other services for the benefit of the elderly, developmentally disabled individuals, young adults aging out of foster care, and individuals living with HIV/AIDS. As part of the settlement, CHCS is required to pay a resolution amount of $650,000. This announcement comes nearly three years after OCR was vested with direct enforcement authority over business associates.


On Thursday, June 22, 2017, Senate Republican leaders released their legislative proposal to amend the Affordable Care Act (ACA). A revised version of the bill was released on June 26. The Senate’s take on healthcare legislation, titled the Better Care Reconciliation Act of 2017 (BCRA), comes after the House passed the American Health Care Act (AHCA) by a narrow margin in early May. The Senate bill is structurally similar to the House version, but it departs from the AHCA in important ways. The Senate bill makes deeper cuts to Medicaid and establishes a different set of subsidies to help individuals purchase insurance. The BCRA is labeled a “discussion draft,” but Senate leaders have set an ambitious goal of holding a vote on the measure before the July 4th holiday.

Key provisions of the BCRA are outlined below.
