On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) issued a quality standard memorandum (QSO Memo) updating and revising a memorandum it issued on January 5, 2018, to now permit the texting of patient orders among members of the patient’s health care team. CMS’s 2018 memorandum clarified CMS’s then-current position that texting

On February 8, 2024, the U.S. Department of Health and Human Services (HHS) issued a final rule (Final Rule) updating federal “Part 2” regulations to more closely align the requirements applicable to substance use disorder (SUD) treatment records with the HIPAA privacy rule, and to make certain other changes. The regulations at 42

Below is an excerpt of an article  published in the May 2023 issue of  Health Law Connections, the member magazine of the American Health Law Association. Kate and Conor were assisted on this article by Health Law Group intern Paul Sevigny.

COVID-19 has driven increased telehealth access and technology-based health care services.

On April 12, 2023, the U.S. Department of Health & Human Services (HHS) released a Notice of Proposed Rulemaking (Proposed Rule) that seeks to enhance safeguards of reproductive health care information through changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposal is intended to align with President Biden’s Executive Order

On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11, 2023.Continue Reading OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023

The Centers for Medicare & Medicaid Services (CMS) recently issued a Fact Sheet (Fact Sheet) providing guidance on the impact of the end of the federal COVID-19 Public Health Emergency (PHE) on certain regulatory waivers, legislative changes, and flexibilities that have been established during the PHE. The government previously announced that the PHE will expire at the end of the day on May 11, 2023. CMS is providing this guidance as part of efforts to ease the transition for health care providers, patients, and other industry stakeholders away from pandemic-era policies and practices tied to PHE authorities. CMS emphasizes that many of the waivers and flexibilities are or will become permanent or extended, and others are intended to end on or soon following May 11, 2023.

Below please find a summary of key guidance provided by CMS in the Fact Sheet and in related CMS PHE guidance documents issued recently:Continue Reading CMS Issues Guidance for Providers on Waivers, Flexibilities and End of COVID-19 Public Health Emergency

HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the end of the calendar year.

Therefore, all breaches that affected less than 500 individuals that occurred in 2022 and have

On November 28, 2022, the Department of Health and Human Services (HHS) issued a proposed rule to modify the confidentiality protections of Substance Use Disorder (SUD) patient treatment records under 42 CFR Part 2 (Part 2) to implement statutory amendments passed under Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (42 U.S.C. 290dd-2). Comments are being accepted for 60 days from the date of publication.Continue Reading HHS Proposes Rule to Align Part 2 Records and HIPAA

Health care providers subject to the Information Blocking rules issued under the 21st Century Cures Act, Pub.L. 114–255, are reminded that such Information Blocking rules will apply to an expanded set of information beginning on October 6, 2022. The Information Blocking rules currently apply only to a limited portion of electronic health information (EHI) represented by the specific data elements identified in the United States Core Data for Interoperability version 1 standard (commonly referred to as USCDIv1). Effective October 6, 2022, the Information Blocking rules will apply to all EHI, which is defined as all electronic protected health information (as defined by HIPAA) to the extent that such electronic protected health information is included in a designated record set (also as defined by HIPAA), and excluding psychotherapy notes and information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative proceeding.Continue Reading REMINDER: October 6 Deadline for Information Blocking Rules Approaches

According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care sector shared that 66 percent of them had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.Continue Reading Privacy Tip – Health Care Sector Continues to Be Hit with Ransomware