OCR Settles Five Investigations Under Right of Access Initiative

The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.”

The addition of the five recent settlements brings the total to seven for OCR’s enforcement of the Initiative. The OCR’s press release states that the recent settlement involve five entities: Housing Works, Inc., All Inclusive Medical Services, Inc., Beth Israel Lahey Health Behavioral Sciences and King MD. Continue Reading

CMS Extends Timeline for Finalizing Changes to Physician Self-Referral (Stark) Law Regulations to August 2021

On August 24, 2020, the Centers for Medicare & Medicaid Services (CMS) announced an “extension of the timeline” for publication of a final rule addressing changes to the Physician Self-Referral Law (or Stark Law) regulations.  In its announcement, CMS set a new deadline of August 31, 2021 for publication of a final rule. Continue Reading

COVID-19 Pandemic Brings Telehealth into U.S. Homes

Excerpt of a contributed article published in Medical Economics on August 13, 2020.

The public health emergency (PHE) caused by the COVID-19 pandemic has resulted in systemic changes throughout the nation’s health care system. Almost overnight, health systems, providers and the government were forced to collaborate to ‘stand up’ field hospitals, testing sites, and quarantine procedures, while postponing or cancelling certain elective procedures and ceasing in-person encounters. One of the most significant developments in the response to COVID-19 has been government support for the expansion of telehealth services, which represents a significant departure from longstanding resistance – in the form of regulatory restrictions, payment policies, licensure restrictions, and privacy concerns – to the provision of health care via telehealth. Most recently, the President issued an Executive Order that directs the Secretary of the Department of Health and Human Services (HHS) to propose regulations to codify some of the key telehealth changes, and notes that almost half of Medicare fee-for-service primary care visits during the month of April were provided via telehealth.

This article provides a high-level overview of those changes, highlights key issues for health care providers to monitor as federal and state governments, physicians and patients continue to battle the COVID-19 pandemic, and considers how the post-COVID-19 health care landscape will look for telehealth services. Read the full article.

Connecticut Authorizes Out-of-State Health Care Practitioners to Render Assistance for Remainder of COVID-19 Pandemic

On July 14, 2020 Connecticut Governor Lamont issued Executive Order No. 7HHH, in which the Governor modified state law to enable the Commissioner of the Department of Public Health (DPH) to temporarily suspend licensure, registration and certification requirements for certain DPH-regulated practitioners for the duration of the state public health and civil preparedness emergency.  Notably, in that Executive Order, the Governor stated that “healthcare providers from outside Connecticut have greatly enhanced the provision of healthcare services in Connecticut during the COVID-19 pandemic and thereby fundamentally improved the state’s ability to protect public health at critical time.” Continue Reading

Health Care Providers Continue to Be Hit with Ransomware and Phishing

It doesn’t matter in which  state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are successful in victimizing you.

That’s my take on the recent Becker’s Health IT article that lists 66 healthcare providers around the country that have suffered a cyber-attack in the form of malware, ransomware or a phishing attack in the first six months of 2020. Although we know that health care providers are being targeted, the list of incidents is sobering.

The only thing that the 66 companies have in common is that they are healthcare providers and the attacks were successful. The list confirms the stark reality of the risk healthcare providers face from cyber-attacks.

This post is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

CMS Releases Guidance on the Allowance of Telehealth Encounters in eCQMs

On July 2, 2020, the Centers for Medicare and Medicaid Services (CMS) released guidance documents on the allowance of telehealth encounters for the Eligible Professional and Eligible Clinician electronic clinical quality measures (eCQMs) used in CMS quality reporting programs for the 2020 and 2021 performance periods. The guidance applies to eCQMs used in the:

  • Quality Payment Program: The Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (Advanced APMs)
  • APM: Comprehensive Primary Care Plus (CPC+)
  • APM: Primary Care First (PCF)
  • Medicaid Promoting Interoperability Program for Eligible Professionals

Continue Reading

CMS Proposes 2021 End-Stage Renal Disease Prospective Payment System Rule

On July 6, 2020, the Centers for Medicare and Medicaid Services (CMS) proposed its calendar year 2021 End-Stage Renal Disease (ESRD) Prospective Payment System (PPS) rule. ESRD PPS rules are promulgated on an annual basis, providing updates to payment policies and rates for renal dialysis services furnished to beneficiaries. The 2021 proposed rule also proposes to update the acute kidney injury (AKI) dialysis payment rate for renal dialysis services furnished by ESRD facilities to individuals with AKI, and proposes changes to the ESRD Quality Incentive Program. In addition to the annual technical updates, the 2021 rule proposes, at a high level:

  • Changes to the eligibility criteria and determination process for the transitional add-on payment adjustment for new and innovative equipment and supplies (TPNIES), and defining “new” to be within three years, beginning on the date of the FDA marketing authorization;
  • Expansion of the TPNIES to include new and innovative capital-related assets that are home dialysis machines, used in the home for a single patient;
  • Updates to the outlier policy and outlier services fixed-dollar loss amounts as well as the Medicare allowable payment amounts;
  • An addition to the ESRD PPS base rate to include calcimimetics in the ESRD PPS bundled payment;
  • A change to the low-volume payment adjustment eligibility criteria and attestation requirement to account for the COVID-19 public health emergency; and
  • An update to the ESRD PPS wage index to adopt the new Office of Management and Budget (OMB) delineations with a transition period.

Continue Reading

Connecticut Office of Health Strategy Prepares to Resume Certificate of Need Application Review with Virtual Hearings

On June 30, 2020, the Connecticut Office of Health Strategy (OHS) announced in a newsletter that the agency will prepare to resume the Certificate of Need (CON) application review process. This includes transitioning to virtual hearings, as Connecticut’s COVID-19 restrictions still prevent any in-person hearings. While OHS has yet to announce a specific date for resumption of CON hearings, “OHS officials expect the first of these virtual CON public hearings to be held sometime this summer.” Continue Reading

New York State Department of Health Publishes Emergency Rule to Clarify Authority to Prevent Spread of Communicable Disease

On June 24, 2020 the New York State Department of Health (DOH) published formal notice of its June 5th emergency rule “necessary to clarify and strengthen the Department’s authority and that of the local health departments to take specific actions to control the spread of disease, including actions related to investigation and response to a disease outbreak, as well as the issuance of isolation and quarantine orders.” Though the emergency regulations are issued in the midst of the COVID-19 pandemic, DOH indicates it intends to adopt the emergency rule as a permanent rule and will publish a notice of proposed rulemaking in the State Register at some future date.

The emergency rule amends Title 10 of the New York Codes, Rules and Regulations in parts 2, 58, and 405. The emergency changes are effective as of June 5th until September 2nd. Below are some highlights of the changes made by the emergency rule.

Amendments to 10 NYCRR part 2 include:

  • Amending existing definitions and adding new defined terms such as “quarantine,” “contact,” and “isolation.”
  • Clarifying local health department authority to investigate a case, suspect case, outbreak, or unusual disease, and requires individuals and entities subject to a public health investigation to cooperate with the DOH and local health department.
  • Adding new language to make clear that the DOH has the authority to issue isolation and quarantine orders, as do local departments of health, and the process for such orders and penalties for any violation.
  • Relocating and updating existing regulations that require the attending physician to report cases and suspected cases to the local health authority, and require physicians to provide instructions concerning how to protect others.

Amendments to 10 NYCRR 58 include:

  • Requiring DOH to designate communicable diseases that require prompt action, and to make available a list of such diseases on the DOH website.
  • Requiring clinical laboratories to immediately report positive test results for communicable diseases identified as requiring prompt attention.
  • Requiring clinical laboratories to report all test results, including negative and indeterminate results, for communicable diseases identified as requiring prompt attention.

Amendments to 10 NYCRR 405 include:

  • Mandating hospitals to report syndromic surveillance data during an outbreak of a highly contagious communicable disease.
  • Permitting DOH to direct hospitals to take patients during an outbreak of a highly contagious communicable disease.

This post was co-authored by Michael Lisitano, legal intern at Robinson+Cole. Michael is not yet admitted to practice law.

HHS Issues Guidance for Providers on Soliciting COVID-19 Blood and Plasma Donations

On June 12, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued timely HIPAA guidance (Guidance) regarding solicitations of blood and plasma donations from recovered COVID-19 patients.

In the Guidance, OCR affirms that health care providers can use patient information to identify patients that have recovered from COVID-19 to provide information about how they may donate plasma or blood with COVID-19 antibodies to support treatment of other patients with COVID-19. OCR explains that this use of protected health information would be permissible as part of a provider’s health care operations to enable case management of COVID-19 patient populations. OCR also reminds providers that because the activity is a health care operation and not for treatment purposes, HIPAA’s minimum necessary standard applies to any use or disclosure of protected health information in connection with the solicitation of blood or plasma donations. Continue Reading

LexBlog