On September 9, 2021 President Biden announced a COVID-19 Action Plan entitled “Path out of the Pandemic” (the “Plan”) which comprises a six-pronged national strategy aimed at combatting COVID-19. The Plan includes a number of important provisions related to health care, including implementation of COVID-19 vaccine requirements and an expansion of resources available for treatment of COVID-19. The Plan signals significant changes upcoming for health care organizations, their employees, and their patients.

The following summary addresses certain parts of the Plan with specific implications for health care, but please continue to check R+C blogs and legal updates for follow-up analysis of the specific guidance and rules that are released in furtherance of the Plan.
Continue Reading Biden COVID-19 Action Plan Expands Vaccine Mandates, Testing, and Treatment to Combat Spread of Virus

In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems (PACs). PACs are used for the exchange and storage of health scans and images, such as MRIs, CT Scans, breast imaging,

On January 28, 2021, the Department of Health and Human Services (HHS) issued a Fifth Amendment to HHS’s Declaration under the Public Health Readiness and Emergency Preparedness Act (PREP Act) that provides liability immunity to certain individuals and entities arising from the manufacturing, distribution, administration or use of medical countermeasures (e.g., therapeutics and vaccines) against COVID-19.
Continue Reading COVID-19 Vaccine Update: HHS Expands Pool of Eligible Vaccinators under PREP Act

On January 14, 2021, the U.S. Court of Appeals for the Fifth Circuit overturned a $4.348 million penalty for alleged HIPAA violations assessed by the U.S. Department of Health & Human Services (HHS) against the University of Texas M.D. Anderson Cancer Center (Hospital). The case arises from an enforcement action undertaken by HHS following the Hospital’s self-disclosure of three separate instances of lost or stolen portable devices containing electronic protected health information (ePHI). The government’s investigation determined that the devices were not encrypted, and that the Hospital’s failure to encrypt the devices to protect the ePHI contained therein constituted a violation of HIPAA’s Privacy and Security Rules. After HHS imposed the penalty in 2017, the Hospital appealed the penalty first to an Administrative Law Judge, and then to HHS’s Departmental Appeals Board before petitioning the Fifth Circuit for review in 2019 (see our prior analyses of this case here).
Continue Reading Fifth Circuit Overturns “Arbitrary and Capricious” $4.3 Million HIPAA Penalty Against Hospital

On December 10, 2020, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, which is one of several rules that protect the privacy and security of individuals’ medical records and other protected health information (PHI). According to HHS, the proposed changes are intended to support individuals’ engagement in their health care, remove barriers to coordinated care and case management, and reduce regulatory burdens on the health care industry, while continuing to protect the privacy and security of individuals’ PHI.
Continue Reading HHS Proposes Modifications to the HIPAA Privacy Rule to Enhance Care Coordination and Management and Remove Barriers to Accessing Information

On November 30 and December 2, 2020, the Department of Health and Human Services Office of Inspector General (OIG) published two final rules (available here: November 30 Final Rule and December 2 Final Rule) which modify the safe harbor regulations to the federal Anti-Kickback Statute (AKS) and codify a new exception to the Civil

Health care providers interested in applying for additional CARES Act Provider Relief funding from the Phase 3 General Distribution have until November 6, 2020 to submit an application to the Department of Health & Human Services (HHS).
Continue Reading REMINDER: November 6 Deadline for New CARES Act Funding Approaches

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security Rules. The OCR investigation and settlement stemmed from a data breach affecting over six million people.
Continue Reading HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

Excerpt of a contributed article published in Medical Economics on August 13, 2020.

The public health emergency (PHE) caused by the COVID-19 pandemic has resulted in systemic changes throughout the nation’s health care system. Almost overnight, health systems, providers and the government were forced to collaborate to ‘stand up’ field hospitals, testing sites, and quarantine

On June 12, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued timely HIPAA guidance (Guidance) regarding solicitations of blood and plasma donations from recovered COVID-19 patients.

In the Guidance, OCR affirms that health care providers can use patient information to identify patients that have recovered from COVID-19 to provide information about how they may donate plasma or blood with COVID-19 antibodies to support treatment of other patients with COVID-19. OCR explains that this use of protected health information would be permissible as part of a provider’s health care operations to enable case management of COVID-19 patient populations. OCR also reminds providers that because the activity is a health care operation and not for treatment purposes, HIPAA’s minimum necessary standard applies to any use or disclosure of protected health information in connection with the solicitation of blood or plasma donations.
Continue Reading HHS Issues Guidance for Providers on Soliciting COVID-19 Blood and Plasma Donations