Data Privacy & Security/HIPAA/HITECH

The Centers for Medicare and Medicaid Services (CMS) expanded Medicare reimbursement for telehealth within the annual Physician Fee Schedule (PFS) final rule for 2021. During the pandemic Public Health Emergency (PHE), CMS has temporarily reimbursed many telehealth services. In light of the success of unprecedented telehealth utilization during the PHE, more than 60 services have been formally added to the Medicare telehealth list, which will endure beyond the end of the PHE.

With all that 2020 has brought, the Information Blocking Rule that came out of the Cures Act was under the radar of many hospices. Thankfully, HHS extended the compliance date for the Rule to April 5, 2021, from November 2, 2020. With this additional time, hospices need to evaluate how they will achieve compliance; what

On October 29, 2020, HHS extended the effective date of compliance for the “Information Blocking” final rule promulgated as part of the 21st Century Cures Act (Information Blocking Rule). The Information Blocking Rule, which was set to take effect on November 2, 2020, prohibits health care providers, IT developers, and health information exchanges from unreasonably interfering with the access, exchange, or use of electronic health information (EHI). We previously discussed the practice of information blocking and the eight exceptions in our blog post Information Blocking: Ready or Not, Here it Comes!.

The combination of a significant increase in COVID-19 cases, political tensions in the final days of a national election season, and law enforcement’s focus on election security created an opportunity for cybercriminals to target the computer networks of America’s healthcare and public health (HPH) sector. That opportunity has come to fruition this week.

On October 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) published Alert AA20-302A (Alert) describing ransomware activity that has targeted the HPH sector. In the Alert, CISA, FBI and HHS assess that cybercriminals are targeting the HPH sector with TrickBot and BazarLoader malware, which are frequently followed by ransomware attacks, data theft, and disruption of healthcare services.

Two new federal rules will make it easier for consumers to access, use and transmit their personal healthcare information using an app on their smartphone or tablet.  The regulations implement prior legislation and advance the current Administration’s intent to empower patients to be better consumers and transform the healthcare industry.

The two final rules were released on March 9 by the Department of Health and Human Services (DHHS):  from the Office of the National Coordinator for Health Information Technology (ONC), the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program final rule; and, from the Centers for Medicare and Medicaid Services (CMS), the final rule on Interoperability and Patient Access.

On April 8, 2020, the U.S. Department of Health & Human Services (HHS) Office of the Assistant Secretary for Health released guidance authorizing pharmacists to order and administer COVID-19 tests. Immediately following this guidance, on April 9, 2020, the HHS Office for Civil Rights (OCR) announced that it will exercise its enforcement discretion and will refrain from imposing penalties for violations of HIPAA for covered entities or business associates participating, in good faith, in the operation of COVID-19 Community-Based Testing Sites (CBTS) during the nationwide public health emergency. The guidance regarding pharmacists testing for COVID-19 and the notice related to the relaxation of HIPAA rules come on the heels of pharmacies, such as CVS and Walgreens, taking on a more active and critical role in the fight against the COVID-19 pandemic.

On March 27, 2020, President Trump signed the Coronavirus Aid, Relief and Economic Security Act (the CARES Act) into law. Section 3221 of the CARES Act ratified fundamental changes to the Public Health Service Act, codified at 42 U.S.C. § 290dd-2 and associated regulations, which govern the confidentiality requirements of substance use disorder records, commonly known as 42 C.F.R. Part 2, or simply, “Part 2.” Substance use disorder (SUD) records are defined broadly as “[r]ecords of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education, prevention, training, treatment, rehabilitation, or research.” The changes are significant and are consistent with the increasing movement to align the Part 2 rules with the Health Insurance Portability and Accountability Act (HIPAA). The CARES Act requires the Department of Health and Human Services (HHS) to revise the Part 2 regulations within 12 months to comply with the CARES Act.

On March 17, 2020, the Department of Health and Human Services, Office for Civil Rights (OCR) issued guidance related to how Covered Entities can comply with HIPAA and the Privacy Rule and still disclose protected health information (PHI) about individuals infected with or exposed to COVID-19 to law enforcement, paramedics, other first responders, and public health authorities (Essential Providers).

With the New Year underway, the deadline is quickly approaching for HIPAA covered entities to file their annual breach reports with the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”).

While breaches involving 500 or more individuals must be reported no later than 60 calendar days from the date of discovery,

As most healthcare providers know, HIPAA requires that covered entities or business associates conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (“ePHI”) held by the covered entity or business associate.[1] Providers who receive Meaningful Use incentive payments from the Centers for Medicare and Medicaid Services (“CMS”) for implementing electronic health record (“EHR”) systems into their practices or operations are also likely aware of the fact that one of the many requirements for these incentive payments is to conduct a HIPAA security risk analysis annually. Now, perhaps more than ever before, both CMS and the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) are demonstrating the importance of ensuring that these risk analyses are performed, or providers can face dire consequences. Below are the top reasons to conduct a thorough HIPAA security risk analysis.