HHS Seeks Public Comment on the HIPAA Privacy Rule

Earlier today the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) issued a Request for Information (RFI) seeking public input on the HIPAA Privacy Rule. Specifically, HHS OCR is interested in how the HIPAA Privacy Rule could be modified to further Secretary Azar’s goal of promoting coordinated, value-based health care. This is the latest RFI issued as part of the “Regulatory Sprint to Coordinated Care” initiative being spearheaded by Deputy Secretary Eric Hargan. Previous RFIs have sought information regarding the Stark Law and Anti-Kickback Statute. In the press release announcing the HIPAA RFI, HHS OCR emphasized its ongoing commitment to protect individual privacy and health information, while recognizing that current rules “may limit or discourage information sharing needed for coordinated care or to facilitate the transformation of value-based health care.” The announcement cites stories heard in addressing the opioid crisis about how the HIPAA Privacy Rule stood in the way of needed care. Health care providers and entities are encouraged to submit any information regarding HIPAA provisions that currently present barriers to coordinated, value-based care without meaningfully adding to patient privacy and security of PHI. … Continue reading

Posted in Health Care, HIPAA

Share this Article:

Required Reporting of Privileged Information

Arizona physicians must report to the Medical Board “any information that appears to show that a doctor of medicine is or may be medically incompetent, is or may be guilty of unprofessional conduct or is or may be mentally or physically unable to safely engage in the practice of medicine.”   A.R.S. § 32-1451(A).  In fact, failure to make such a report is an act of unprofessional conduct.  Id. Physicians typically learn of the unprofessional or incompetent practice of others either: (1) when seeing a new patient for the first time and learning of their past providers’ practices; or (2) witnessing the potentially unprofessional practices of colleagues or peers.  Occasionally, however, a physician may have another provider as her patient.  In this case, if a medical condition is causing the patient to be “mentally or physically unable to safely engage in the practice of medicine,” the treating physician likely has an obligation to report her patient to the Arizona Medical Board.  See id. The obligation and potential report, however, raise concerns for physician-patient privilege, HIPAA protections, and other privacy issues.  The Arizona Medical Board has taken the position that these concerns … Continue reading

Posted in direct primary care, Health Care, HIPAA

Share this Article:

Protecting Vulnerable Adults While Protecting Their Physicians – A Proposed Statutory Amendment

The Arizona Supreme Court’s recent decision in Delgado v. Manor Care of Tucson AZ, LLC, subjects health care providers to liability for ordinary negligence under the Adult Protective Services Act.  This decision therefore creates a potential new strategy for plaintiffs’ attorneys and subjects providers to more severe consequences than previously available in malpractice suits.  A simple statutory amendment is available to limit this source of liability without impacting plaintiffs’ ability to pursue legitimate malpractice claims. Arizona’s Adult Protective Services Act (A.R.S. §§ 46-451 – 503) was enacted to protect incapacitated adults from caregivers who endanger their lives or health through abuse, neglect, or exploitation. Claims arising out of health care providers’ ordinary negligence, on the other hand, are covered by the Medical Malpractice Act (A.R.S. §§ 12-561 – 573).  Although legislative history is sparse, there is evidence that the legislature never intended APSA to encompass medical malpractice actions.  This position is supported by the legal meanings of the terms “neglect,” as used in the APSA, and “negligence,” which is required for malpractice liability.  Although they share a common root word, the legal definitions of “neglect” and “negligence” are not the … Continue reading

Posted in Uncategorized

Share this Article:

(Un)Protected Health Information Held for Ransom

Recent experiences of major health care companies offer a reminder of the importance of data security and following a well-written policy for compliance with the HIPAA Privacy Rule. Lithuanian police reported on Tuesday that a hacking group had illegally obtained and published over 25,000 private photos and personal data from a chain of European plastic surgery clinics. According to the report, hackers made the theft known and demanded a $385,000.00 ransom for the data.  When the demands for payment were refused, the information was published on the Internet.  The investigation is in its early stages and it is not clear how many individual patients are affected. Although this breach involves a European provider, not covered by HIPAA, it highlights the value and vulnerability of healthcare data. In fact, there have been reports of similar breaches involving potentially millions of American patients.  Data security experts have estimated that nearly 1 million new malware threats are released every day, with ransomware being the most common type. The HIPAA Privacy Rule (42 C.F.R. Part 164) requires covered entities to implement administrative, physical, and technical safeguards to guard against the breach of protected health … Continue reading

Posted in Health Care, HIPAA, Uncategorized

Share this Article:

Is Your Arbitration Agreement Enforceable?

Health care providers may favor arbitration due to the perception that it is a faster, less expensive alternative to litigation. State and federal policy favors arbitration for the same reasons.  Because of the strong public policy favoring arbitration, doubts as to whether a case is subject to arbitration are resolved in favor of arbitration.  (Arbitration may also provide a desired level of confidentiality by preventing allegations from becoming a matter of public record in court.)  Arbitration agreements, however, are subject to the same defenses to enforceability as any other contract. A recent decision of the Arizona Court of Appeals provides guidance for evaluation of the enforceability of arbitration agreements. Gullett v. Kindred Nursing Centers West, LLC arose out of the plaintiff’s claims that a rehabilitation center had abused and neglected his father, who lived there for the last month of his life.  After the complaint was filed, the defendant moved to compel arbitration pursuant to an agreement signed by the decedent upon admission.  The plaintiff opposed arbitration, arguing that the agreement was substantively and procedurally unconscionable.  After evaluating several aspects of the agreement, the Court held that the agreement was … Continue reading

Posted in Health Care

Share this Article: