The Health Law Ticker

California’s new Office of Health Care Affordability recently adopted emergency regulations (Final Regulations) implementing the Health Care Market Oversight Program, required under California’s Health Care Quality and Affordability Act (HCQAA). HCQAA, which created the Office of Health Care Affordability (OHCA), requires “health care entities” to provide written notice of certain “material change transactions” to OHCA. (Cal. Health & Safety Code § 127500 et seq.) OHCA may then conduct a cost and market impact review (CMIR), with the overarching goal of ...

On May 18, 2023 the Federal Trade Commission (FTC) released a Notice for Proposed Rule Making (NPRM) for updates to the Health Breach Notification Rule, 16 C.F.R. Part 318 (the Rule). The Rule serves to ensure entities that are not defined as Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA) are nevertheless accountable when the sensitive health information of consumers is compromised and that entities cannot conceal breaches from consumers. The Rule imposes notification requirements for a breach of unsecured identifiable health ...

Many medical staffs are wondering whether they may conduct remote peer review committee meetings in the interest of supporting social distancing efforts during the COVID-19 pandemic. While it is certainly reasonable to do so, the medical staff must ensure that they have appropriate safeguards in place prior to conducting such meetings. Below we have provided the answer to some questions that may arise when deciding whether to conduct peer review meetings remotely.

Do the governing documents already allow for meetings to be conducted by telephone or video?

Medical staffs should ...

Recognizing the need to empower healthcare providers to reach those most at risk during the COVID-19 pandemic, the Department of Health and Human Services’ Office for Civil Rights recently issued a notification announcing that it will not impose penalties for noncompliance with HIPAA Rules against those healthcare entities who utilize video and voice applications to provide telehealth services.

During this national emergency, covered healthcare providers can use any non-public facing application to communicate with patients, such as Apple FaceTime, Facebook Messenger ...

When Covered Entities or Business Associates or their counsel analyze whether a particular disclosure of Protected Health Information (or PHI, as defined in HIPAA) is permissible, they should be sure also to analyze whether the disclosure complies with HIPAA’s Minimum Necessary Rule (MNR), which is oft forgot. This issue arises when disclosing PHI in response to subpoenas, which HIPAA permits as long as the disclosing party receives satisfactory assurances that the requesting party has made reasonable efforts to obtain a protective order or to notify the individual(s) who ...

On May 10, 2017, the U.S. Health and Human Services Department Office for Civil Rights (OCR) announced an agreement whereby Memorial Hermann Health System (MHHS) will pay a $2.4 million penalty for releasing a patient’s name in a press release.  According to the resolution agreement, in September 2015, a patient at an MHHS clinic presented an allegedly fraudulent identification card to office staff.  The staff notified law enforcement and the patient was arrested.  Although notification to law enforcement did not violate the HIPAA rules, it wa a violation to include the patient’s ...

On January 9, 2017, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced the first HIPAA enforcement action against a health care provider for failing to make a timely report of a breach of unsecured protected health information (PHI).  Presence Health (Presence) agreed to pay $475,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification Rule.

The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and ...