The Anthem breach sent alarm waves through the health care industry and the employer health plan community. With 78.8 million affected individuals for Anthem and 11 million for the companion breach of Premera Blue Cross, the combined size ranks among the largest data breaches in history.

The Anthem and Premera breaches signal a sea change in the threat environment for health plans, a new reality that requires a fresh look at data security. Prudent employers with group health plans should take that fresh look now, by strengthening the data security provisions in their business associate agreements (BAAs) with third-party plan administrators, and also by updating their HIPAA-required security risk assessments.

The state of Georgia reached a civil settlement agreement on April 23, 2015, with Grady Health System based on allegations that Grady incorrectly coded claims for neonatal intensive care unit (NICU) patients, resulting in overpayments by Georgia Medicaid. For more details, read the Georgia Attorney General’s press release announcing the settlement.

Husch Blackwell Partner Winn Halverhout authored a briefing on the emerging use of medical marijuana in pediatric healthcare for the American Health Lawyers Association. The briefing, titled “Legal Aspects of Marijuana Applications in Pediatric Health Care,” addresses the development of state laws and cultural acceptance of marijuana.

The LA Times reported on March 18, 2015, that one of California’s biggest health insurers, Blue Shield of California, had lost its tax-exempt status. The report came after California’s Franchise Tax Board quietly revoked Blue Shield’s state tax-exempt status back in August 2014. One of the biggest reasons for doing so was because of Blue Shield’s huge financial reserves.

Husch Blackwell welcomes two attorneys to its Denver office: Senior Counsel Julie A. Sullivan and Associate Lawson S. Parker II. Sullivan and Parker both join the firm’s Healthcare, Life Sciences & Education industry team.

Sullivan has served as both in-house and external counsel to members of the healthcare industry. She counsels clients on a variety of regulatory and compliance issues, and transactional matters, and has also assisted clients with mergers and acquisitions. Parker assists hospitals, physicians, single and multi-specialty group practices, dentists and other healthcare professionals with respect to their operational, transactional and regulatory compliance matters. He also advises on mergers and acquisitions, joint ventures, the sale of healthcare-related entities and employment matters.

Because the healthcare industry is heavily regulated and complex, most healthcare deals involve a sign-then-close structure; that is, they have a period of time between signing the agreement and the closing date. This built-in period after signing the purchase agreement gives the parties time to obtain necessary approvals or perform necessary pre-closing covenants.

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other forms of protected information, such as PII and, for many, cardholder data.

Healthcare organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.

The DOL’s self-imposed February deadline for announcing new FLSA regulations redefining “white collar” exemptions has come and gone with without any action from the DOL. No new deadline has been announced; however, the DOL’s website suggests that it still hopes to release the new regulations soon. Stayed tuned, and we will report back when the

Changes to Texas Medical Board regulations regarding the supervision of physician assistants went into effect March 12, 2015, and will reduce both: (i) physician oversight obligations; and (ii) conflict with prescriptive delegation regulations. Specifically, requirements of Tex. Admin. Code tit. 22 §185.16 were reduced to only prohibiting a physician assistant from independently billing patients “except where provided by law.”