Privacy & Security/HIPAA/HITECH

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief and Economic Security Act (the CARES Act) into law. Section 3221 of the CARES Act ratified fundamental changes to the Public Health Service Act, codified at 42 U.S.C. § 290dd-2 and associated regulations, which govern the confidentiality requirements of substance use disorder records, commonly known as 42 C.F.R. Part 2, or simply, “Part 2.” Substance use disorder (SUD) records are defined broadly as “[r]ecords of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education, prevention, training, treatment, rehabilitation, or research.” The changes are significant and align with the increasing movement to align the Part 2 rules with the Health Insurance Portability and Accountability Act (HIPAA). The CARES Act requires the Department of Health and Human Services (HHS) to revise the Part 2 regulations within 12 months to comply with the CARES Act.
Continue Reading

On March 17, 2020, the Department of Health and Human Services, Office of Civil Rights (OCR) issued guidance related to how Covered Entities can comply with HIPAA and the Privacy Rule and still disclose protected health information (PHI) about individuals infected with or exposed to COVID-19 to law enforcement, paramedics, other first responders, and public health authorities (Essential Providers).
Continue Reading

With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”).

While breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of discovery,

As most healthcare providers know, HIPAA requires that covered entities or business associates  conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) is demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis.
Continue Reading

Medicine and new technologyA little rain can’t stop SXSW. Husch Blackwell attorneys have attended dozens of interesting presentations and met countless innovative minds. We will continue to post live updates on Twitter (@HBhealthcarelaw) and release brief blog posts related to certain presentations throughout the event. With former VP Joe Biden in town to discuss his cancer moonshot today, our focus is precision medicine.

Precision medicine is an innovative approach to medical treatment that takes into account individual differences in people’s genes, environments, and lifestyles. The promise of precision medicine is delivering the right treatments, at the right time, to the right person. The potential of precision medicine is recognized at the highest levels of government. In his 2015 State of the Union address, former President Barack Obama launched the Precision Medicine Initiative (“PMI”), a bold new research effort to revolutionize health and the treatment of disease. Subsequently, Sylvia M. Burwell, Secretary of the U.S. Department of Health & Human Services (“DHHS”), announced the FY 2016 budget would include $215 million for the PMI, with $200 million of this to be used by the National Institutes of Health (“NIH”) to launch the All of Us program, a national cohort of a million or more Americans who volunteer to share genetic, clinical, and other data to improve research. The funds will also be used to invest in expanding current cancer genomics research and to initiate new studies on how a tumor’s DNA can inform prognosis and treatment choices.


Continue Reading

cellphone137457731Today kicks-off one of Austin’s largest and best-known events, the South by Southwest Interactive Conference. In the spirit of Husch Blackwell’s involvement in several aspects of the conference, this post will touch on emerging health technology and pushing the limits of HIPAA.

New technology is being developed to be used in healthcare settings on a

abaEmerging Issues in Healthcare Law is coming to the Big Easy. The American Bar Association’s 18th annual conference is slated for New Orleans March 8-11.

Husch Blackwell is a platinum sponsor of this event featuring the most emergent topics facing the healthcare bar. As the industry faces changes and continues to grow under healthcare reform and enforcement, this conference allows attendees a perfect opportunity to stay ahead of the developments.
Continue Reading

Phone_000011163163SmallA California federal court handed down a decision last Friday that may further influence how healthcare entities should approach the Telephone Consumer Protection Act’s (TCPA) “emergency purpose” exception as applied to calls or texts related to patient health and safety. In St. Clair v. CVS Pharmacy, Inc., No. 16-CV-04911-VC, 2016 WL 7489047, at *1 (N.D. Cal. Dec. 30, 2016), the plaintiff alleged that CVS Pharmacy called him multiple times about his prescriptions after he told a customer representative that he no longer wished to be called. CVS moved to dismiss the lawsuit by claiming that all of the calls at issues fell under the emergency purpose exception contained in the statute, and therefore were not subject to the TCPA.
Continue Reading

dataLocks148650499Backing up electronic health record data may become an important aspect of complying with and mitigating risk under the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) if the U.S. Health and Human Services Office of Civil Rights (OCR) heeds legislators’ recommendations.
Continue Reading