Photo of Wakaba Tessier

Wakaba’s work requires mastery not just of the law but also the rapidly changing healthcare marketplace and its many regulations. She focuses on the unique issues faced by specialty pharmacies, such as licensing and other compliance challenges.

In today’s episode of our Hospice Privacy Series, Husch Blackwell’s Meg Pekarske is joined by colleagues Wakaba Tessier and Erin Burns, who share insights on the ins and outs of HIPAA breaches. They break down what a HIPAA breach really is, the types of breaches most often experienced by hospices and what to do when you think you have discovered a breach.

Since last year, the Husch Blackwell privacy attorneys have been working with various healthcare providers—from hospitals to hospices, to independent physician groups—to comply with the Information Blocking rule (the Rule) implemented by the Office of the National Coordinator for Health Information Technology (ONC) as part of the 21st Century Cures Act.  Recently, Education clients have been asking, “We’re a university – does the Information Blocking rule apply to our student health center?”  We discuss the answer to that question, along with practice tips, in this blog post.

You may recall on December 10, 2020 we wrote about the Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announcement of a proposed rule  that would revise the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations. In the proposed rule, HHS has solicited public comments, that were originally due within 60-days  of the proposed rule publication in the Federal Register.

The pandemic of 2020 tested the mettle of our nation’s healthcare system in many unexpected and profound ways. As healthcare delivery was being rapidly restructured to accommodate COVID-19 diagnosis and treatment and socially-distanced care, bad actors simultaneously began to exploit the increased number of vulnerabilities in health information systems created by telehealth platforms, patient portals and the inattention of stressed, overworked staff. The result was an unprecedented number of cyberattacks culminating in an alert from the Cybersecurity and Infrastructure Security Agency (CISA) on October 28, 2020 addressing the plague of ransomware activity targeting the healthcare and public health sector.

On December 10, 2020, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) released a proposed rule that would revise the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

In its news release, OCR noted that the changes “seeks to promote value-based health care by examining federal regulations that impede efforts among healthcare providers and health plans to better coordinate care for patients.”  The proposed changes come on the heels of the recently delayed Information Blocking Rule, which seeks to prohibit interferences with access, exchange, or use of electronic health information (EHI).   The key proposed changes are discussed below.

With all that 2020 has brought, the Information Blocking Rule that came out of the Cures Act was under the radar of many hospices. Thankfully, HHS extended the compliance date for the Rule to April 5, 2021, from November 2, 2020. With this additional time, hospices need to evaluate how they will achieve compliance; what

On October 29, 2020, HHS extended the effective date of compliance for the “Information Blocking” final rule promulgated as part of the 21st Century Cures Act (Information Blocking Rule). The Information Blocking Rule, which was set to take effect on November 2, 2020, prohibits health care providers, IT developers, and health information exchanges from unreasonably interfering with the access, exchange, or use of electronic health information (EHI). We previously discussed the practice of information blocking and the eight exceptions in our blog post Information Blocking: Ready or Not, Here it Comes!.

On May 1, 2020, the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology (ONC) released its final rule (Final Rule) on “Information Blocking” as part of the 21st Century Cures Act. The Final Rule applies to the following (ONC refers to each one as an “Actor”): (i) healthcare providers, (ii) health IT developers subject to ONC’s Health IT Certification Program, (iii) health information networks (HIN) or (iv) health information exchanges (HIE). With the initial enforcement date fast approaching (November 2), we explain the rule below.

On June 12, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), issued guidance confirming HIPAA permits a covered healthcare provider (Provider) to use protected health information (PHI) to identify and contact recovered COVID-19 patients to inform them of how they can donate their blood and plasma.  As background, HIPAA

Background

 On Wednesday, April 8, 2020, the U.S. Department of Health & Human Services (HHS) Office of the Assistant Secretary for Health released guidance authorizing pharmacists to “order and administer COVID-19 tests, including serology tests, that the Food and Drug Administration (FDA) has authorized.”  In its guidance, HHS granted licensed pharmacists immunity when administering or ordering FDA-authorized COVID-19 tests and stated that they will be considered a “covered person” under the Public Readiness and  Preparedness Act (PREP Act) when taking such actions. The PREP Act confers immunity for covered persons, from claims arising out of state law. For more background information about the April 8, 2020 HHS guidance, see our previous post available here.