The Health Law Ticker

We are excited to announce the launch of our newest podcast, Legal Prescriptions. This audio series will explore recent developments impacting healthcare companies and professionals, including legislation, reform, managed care, litigation, regulatory compliance and privacy. In addition to the innovative minds at Nossaman, we look forward to welcoming industry experts to the conversation to lend their perspectives.

In our flagship episode, I chat with John Puente, who served as Deputy Director and Chief Counsel to the California Department of Health Care Services (DHCS ...

On May 18, 2023 the Federal Trade Commission (FTC) released a Notice for Proposed Rule Making (NPRM) for updates to the Health Breach Notification Rule, 16 C.F.R. Part 318 (the Rule). The Rule serves to ensure entities that are not defined as Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA) are nevertheless accountable when the sensitive health information of consumers is compromised and that entities cannot conceal breaches from consumers. The Rule imposes notification requirements for a breach of unsecured identifiable health ...

Newly enacted Assembly Bill 1184 (“AB 1184”) will effectuate revisions to the Confidentiality of Medical Information Act that will require significant changes to the operational practices and risk management assessments of health care providers and insurers. AB 1184's changes to the Confidentiality of Medical Information Act reflect a shift toward compartmentalizing the medical information of a patient, enrollee or insured individual (“Enrollees”) away from the policyholder – whether that policyholder is the spouse, guardian or parent of the Enrollee. The new ...

Recognizing the need to empower healthcare providers to reach those most at risk during the COVID-19 pandemic, the Department of Health and Human Services’ Office for Civil Rights recently issued a notification announcing that it will not impose penalties for noncompliance with HIPAA Rules against those healthcare entities who utilize video and voice applications to provide telehealth services.

During this national emergency, covered healthcare providers can use any non-public facing application to communicate with patients, such as Apple FaceTime, Facebook Messenger ...

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or PHI, as defined in HIPAA) is permissible, they should be sure also to analyze whether the disclosure complies with HIPAA’s Minimum Necessary Rule (MNR), which is oft forgot. This issue arises when disclosing PHI in response to subpoenas, which HIPAA permits as long as the disclosing party receives satisfactory assurances that the requesting party has made reasonable efforts to obtain a protective order or to notify the individual(s) who ...

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (OCR) announced an agreement whereby Memorial Hermann Health System (MHHS) will pay a $2.4 million penalty for releasing a patient’s name in a press release.  According to the resolution agreement, in September 2015, a patient at an MHHS clinic presented an allegedly fraudulent identification card to office staff.  The staff notified law enforcement and the patient was arrested.  Although notification to law enforcement did not violate the HIPAA rules, it wa a violation to include the patient’s ...

On January 9, 2017, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced the first HIPAA enforcement action against a health care provider for failing to make a timely report of a breach of unsecured protected health information (PHI).  Presence Health (Presence) agreed to pay $475,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule.

The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and ...

As the clock struck midnight on New Year’s Eve, a number of new California laws took effect.  Here are three that California hospital executives need to know:

• Notice of Observation Status (SB 1076)

  When a patient is being cared for in an inpatient unit of a hospital (or in an observation unit) the hospital must provide the patient with a written notice when the patient is in observation status.  The notice must inform the patient that the observation care is being provided on an outpatient basis and that this may affect the patient’s health care coverage reimbursement.  There are also ...