“Prevention is better than cure” is a maxim that has reigned in the healthcare industry for thousands of years; however, this phrase echoes through the halls of the legal profession as well.
Healthcare practices often neglect to appreciate the value of their confidential information as assets and the need to protect these assets. Although HIPAA and HITECH compliance aids in maintaining the confidentiality of patient records, it does not protect a provider’s trade secrets.
Trade secrets of a healthcare practice may include any of the following: patient lists, financial information, contract rates, contract terms client lists, collection rates, marketing tactics, pricing/discount information, and methods of doing business. If leaked, this information may be used by competitors to secure advantages over a healthcare practice. For example, patient lists could be used to solicit a practice’s patients or contract rates and terms can be used by a competitor to undercut the rates of a practice. Continue reading →
Healthcare providers have heard the HIPAA disaster stories: a laptop containing patient information is left on the counter at the coffee shop; a thumb drive with patient files goes missing; a rogue employee accesses patient information she has no business accessing; hackers get into a practice’s server and hold the patient information for ransom.
HIPAA is a federal law designed for safe disclosure of patient’s protected health information. The news headlines showcase giant penalties for violations. However, Florida health care providers should also know that Florida has its own consumer protection statute, called the Florida Information Protection Act. So while you’re busy worrying about your HIPAA exposure in any of these situations, remember that there is potential State exposure as well.
So what should a healthcare provider do if it believes there has been a hack or some other unauthorized disclosure? Responses vary based on the situation presented, but below is a good jumping off point: Continue reading →
It is becoming easier and easier for physicians to communicate with each other and their patients. And although open communication is generally thought of as positive, the medical profession should proceed with caution. Patients and consulting physicians rely heavily on their communications with their treating physicians. Thus, communications which do not require the thought of focus that a physician would otherwise give to a situation may result in disaster. While there are many potential ways a physician might use text messaging and social media both professionally and personally, we will focus generally on physician interactions with other physicians, and physician interactions with patients.
To start, physicians should be aware that, in 2011, the American Medical Association issued guidelines in its Code of Ethics for physicians who use social media: Continue reading →
Section 13411 of the HITECH Act authorizes and requires the Department of Health & Human Services Office for Civil Rights (“OCR”) to provide for periodic audits to ensure that covered entities and business associates comply with the HIPAA Privacy and Security Rules. OCR conducted its first round of those audits in 2011 and 2012, and has announced that it will begin a second phase. Unlike the first phase of audits, which were limited to covered entities, both covered entities and business associates are intended to be audited during this second phase.
How will audited businesses be selected?
This fall, OCR will deliver pre-audit surveys to between 550 and 800 covered entities. OCR is attempting to obtain a fair snapshot of all covered entities, so these pre-audit surveys will be sent to health care providers, health plans, and health clearinghouses. Moreover, the audits will span the gamut of business sizes, from large corporations to solo practitioners. After pre-audit surveys are returned, OCR will randomly select 350 of those covered entities for a full audit. As a part of these full audits, covered entities will be asked to identify their business associates. OCR will then select 50 business associates to participate. Continue reading →
Many health policy experts are betting on the expanded role of telemedicine as an essential cost-saving, quality (and access) enhancing tool. Yet legal and policy issues have dogged the development of useful telemedicine guidelines, making it difficult to know what’s ok and what’s not. What sort of licensure is required for physicians practicing telemedicine? When is the physician “practicing medicine” vs. “merely consulting?” When is a physician patient relationship established? Is one even necessary? The newly developed model policy developed by the Federation of State Medical Boards should help guide states in developing specific telemedicine standards.
The Department of Health and Human Services announced this morning that it has entered into a settlement agreement with Parkview Health System, Inc., an Indiana medical group caught up in HIPAA violation case. Parkview was assisting a retiring physician to transition her patients to new providers. Parkview was also considering purchasing some of the physician’s patient records. When Parkview attempted to return between 5,000 and 8,000 patient records to the physician, she was not home to accept their return. Parkview employees left cardboard boxes containing between 5,000 and 8,000 patient medical records outside of the physician’s home, and within twenty feet of a public road. In settlement and release of HHS’ claims against Parkview for such a HIPAA violation, Parkview agreed to pay the Department of Health and Human Services $800,000 and enter into a Corrective Action Plan. The entire Resolution Agreement between Parkview and HHS is available here.
Until recently, the State of Florida has successfully avoided regulating telemedicine to account for advancements in technology. In 2003, the State issued standards for telemedicine prescribing practice for medical doctors and doctors of osteopathy, but has not formally revisited its position in light of increasingly common telemedicine practice in several states – until now.
Florida’s forestalling has officially come to an end. The State recently enacted new physician standards for telemedicine practice, and the State legislature is presently considering further regulation. These new standards do not impinge upon the prior standards for telemedicine prescribing practice, but are issued in conjunction to it. Continue reading →
In an effort to help individuals access their health information so that they can become more actively involved in managing their own health care, several agencies within the Department of Health and Human Services promulgated a rule that modifies the Clinical Laboratory Improvement Amendments (“CLIA”) and the Health Insurance Portability and Accountability Act (“HIPAA”) in a way that supersedes Florida State laws governing the disclosure of laboratory test results directly to patients.
The Florida Board of Medicine reviewed Rule 64B8-9.003, Florida Administrative Code which provides standards for the adequacy of medical records. The underlined portions below are the new standards required for medical records as it relates to compounded medications. These standards are effective September 9, 2013. Continue reading →
The popular conception in healthcare is that (1) a new law was passed, (2) it changed everything, and (3) in a bad way. Over time, however, it should get clearer that, while there was a law passed, the law alone is not driving changes to our healthcare system: it’s our own demographics and behavior. Most of the tax dollars currently fueling our healthcare system (and arguably our economy) are tied to an aging Boomer population that are soon to drop off the income producing cliff into the Medicare population. Bye bye income earners; hello ridiculous public healthcare expenditures. Though it is true that the timing for expanding public spending on healthcare (with the federal mandates aimed at employers and Medicaid eligibility expansion) could not be more poorly timed, the situation is more of a “Perfect Storm” than a surgical strike.
The financial stress of our changing population and of a historic utilization based healthcare system is causing our healthcare system to morph in every way. “Health insurance,” with increasing cost, copays and deductibles and reduced benefits, is quickly ceasing to look like your father’s 80/20 major medical plan and starting to look more like catastrophic coverage. Fee for service compensation is fast becoming “spoken” out of existence. There are more “pay for performance,” “case rate” and other outcome and risk based compensation models than you can shake a stick at. The simple truths are: payers have to deliver more with less; and patients have to bear more and more of their healthcare expenses. Continue reading →