On February 8, 2024, the Centers for Medicare and Medicaid Services (CMS) issued a quality standard memorandum (QSO Memo) updating and revising a memorandum it issued on January 5, 2018, to now permit the texting of patient orders among members of the patient’s health care team. CMS’s 2018 memorandum clarified CMS’s then-current position that texting
HIPAA
HHS Finalizes Updates to “Part 2” Regulations to Align Disclosure Rules with HIPAA and Promote More Coordinated Substance Use Disorder Care
On February 8, 2024, the U.S. Department of Health and Human Services (HHS) issued a final rule (Final Rule) updating federal “Part 2” regulations to more closely align the requirements applicable to substance use disorder (SUD) treatment records with the HIPAA privacy rule, and to make certain other changes. The regulations at 42…
Compliance Corner—The End of the Public Health Emergency: What’s Next for Telehealth?
Below is an excerpt of an article published in the May 2023 issue of Health Law Connections, the member magazine of the American Health Law Association. Kate and Conor were assisted on this article by Health Law Group intern Paul Sevigny.
COVID-19 has driven increased telehealth access and technology-based health care services.
HHS Seeks to Strengthen Protections of Reproductive Health Information with Proposed Changes to HIPAA
On April 12, 2023, the U.S. Department of Health & Human Services (HHS) released a Notice of Proposed Rulemaking (Proposed Rule) that seeks to enhance safeguards of reproductive health care information through changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposal is intended to align with President Biden’s Executive Order…
OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023
On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11, 2023.Continue Reading OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023
CMS Issues Guidance for Providers on Waivers, Flexibilities and End of COVID-19 Public Health Emergency
The Centers for Medicare & Medicaid Services (CMS) recently issued a Fact Sheet (Fact Sheet) providing guidance on the impact of the end of the federal COVID-19 Public Health Emergency (PHE) on certain regulatory waivers, legislative changes, and flexibilities that have been established during the PHE. The government previously announced that the PHE will expire at the end of the day on May 11, 2023. CMS is providing this guidance as part of efforts to ease the transition for health care providers, patients, and other industry stakeholders away from pandemic-era policies and practices tied to PHE authorities. CMS emphasizes that many of the waivers and flexibilities are or will become permanent or extended, and others are intended to end on or soon following May 11, 2023.
Below please find a summary of key guidance provided by CMS in the Fact Sheet and in related CMS PHE guidance documents issued recently:Continue Reading CMS Issues Guidance for Providers on Waivers, Flexibilities and End of COVID-19 Public Health Emergency
Annual Breach Notification Deadline to OCR Looming
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the end of the calendar year.
Therefore, all breaches that affected less than 500 individuals that occurred in 2022 and have…
HHS Proposes Rule to Align Part 2 Records and HIPAA
On November 28, 2022, the Department of Health and Human Services (HHS) issued a proposed rule to modify the confidentiality protections of Substance Use Disorder (SUD) patient treatment records under 42 CFR Part 2 (Part 2) to implement statutory amendments passed under Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (42 U.S.C. 290dd-2). Comments are being accepted for 60 days from the date of publication.Continue Reading HHS Proposes Rule to Align Part 2 Records and HIPAA
REMINDER: October 6 Deadline for Information Blocking Rules Approaches
Health care providers subject to the Information Blocking rules issued under the 21st Century Cures Act, Pub.L. 114–255, are reminded that such Information Blocking rules will apply to an expanded set of information beginning on October 6, 2022. The Information Blocking rules currently apply only to a limited portion of electronic health information (EHI) represented by the specific data elements identified in the United States Core Data for Interoperability version 1 standard (commonly referred to as USCDIv1). Effective October 6, 2022, the Information Blocking rules will apply to all EHI, which is defined as all electronic protected health information (as defined by HIPAA) to the extent that such electronic protected health information is included in a designated record set (also as defined by HIPAA), and excluding psychotherapy notes and information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative proceeding.Continue Reading REMINDER: October 6 Deadline for Information Blocking Rules Approaches
Privacy Tip – Health Care Sector Continues to Be Hit with Ransomware
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care sector shared that 66 percent of them had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.Continue Reading Privacy Tip – Health Care Sector Continues to Be Hit with Ransomware