On April 9, 2020 the Department of Health & Human Services Office for Civil Rights (OCR) issued another Notification that it will exercise its enforcement discretion and not impose penalties for HIPAA violations in connection with good faith participation in the operation of COVID-19 testing sites during the COVID-19 emergency.
Continue Reading HHS Waives HIPAA Penalties for Operation of a Community-Based COVID-19 Testing Site

On March 17, the Trump Administration announced expanded reimbursement for clinicians providing telehealth services for Medicare beneficiaries during the COVID-19 Public Health Emergency. The Centers for Medicare and Medicaid Services (CMS) published an announcement, a fact sheet and Frequently Asked Questions.  To further facilitate telehealth services, the Office for Civil Rights (OCR) issued a notification describing certain technologies that would be permitted to be used for telehealth without being subject to penalties under the Health Insurance Portability and Accountability Act regulations (HIPAA). In addition, the Office of Inspector General (OIG) announced it will allow healthcare providers to reduce or waive cost-sharing for telehealth visits.
Continue Reading Federal Government Significantly Expands Telehealth Reimbursement During COVID-19 Public Health Emergency

In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to a cause of action in tort, unless the disclosure is otherwise permitted by law.

In Byrne v. Avery Center for Obstetrics and Gynecology, P.C., the Court considered – for a second time – the legal implications arising from the defendant’s mailing of the plaintiff’s medical records in 2005 to a probate court in response to a subpoena without providing notice to the plaintiff, filing a motion to quash the subpoena, or appearing in court as requested under the subpoena.  Previously, in 2014 the Court held that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) did not preempt state law negligence claims arising from the alleged breach of confidentiality by the defendant in this case, and further that the HIPAA privacy and security standards can inform the applicable standard of care to the extent it is common practice in Connecticut for health care providers to comply with HIPAA. In that decision, the Court expressly reserved judgment as to whether Connecticut law actually recognized a negligence action arising from a health care provider’s alleged breach of its duty of confidentiality to a patient. In this case, the Court was tasked with resolving that question after a trial court subsequently granted summary judgment for the defendants on remand following the Court’s 2014 decision. In granting summary judgment, the trial court explained that no Connecticut court had previously recognized a common-law privilege for physician-patient communications, and that such a determination was better left to the Supreme and Appellate courts or the legislature.Continue Reading Connecticut Supreme Court Recognizes Common-Law Cause of Action for Unauthorized Disclosure of Confidential Medical Information