Author: WadeEmmert

Categories
Health Law Highlights

US Sues Telehealth Companies Over Data Sharing, Cancelation Policies

Summary of article from mHealth Intelligence, by Anuja Vaidya:

The US Department of Justice (DOJ) and the Federal Trade Commission (FTC) have filed an amended complaint against telehealth companies, including Cerebral Inc., Zealthy Inc., Gronk Inc., and Bruno Health P.A., alleging misuse of patients’ personal health data, deceptive cancellation practices, and unauthorized disclosure of sensitive data. The complaint also accuses the companies of deploying online tracking technologies for targeted advertisements without user consent. The government alleges that the companies violated the Federal Trade Commission Act (FTC Act), the Opioid Addiction Recovery Fraud Prevention Act of 2018, and the Restore Online Shoppers’ Confidence Act (ROSCA). While the claims against Cerebral have been settled, with the company agreeing to pay $5 million in consumer redress and a $2 million civil penalty, the government continues to pursue claims against the other companies and individuals involved. Cerebral has also been scrutinized for its controlled substance prescriptions and alleged “unlawful business practices”.

Categories
Health Law Highlights

New Part II Rules

Summary of article from Gordon Feinblatt LLC, by Alexandria K. Monanio:

The Confidentiality of Substance Use Disorder (SUD) Patient Records regulations, known as Part II, have been updated to better align with HIPAA privacy protections. Providers have until April 2026 to comply with these changes, which include allowing patients to sign a single consent for all future uses of treatment, payment, and health care operations data. However, identifiable Part II data cannot be disclosed in legal proceedings without explicit patient consent or a court order. The updated rules also provide a safe harbor for investigative agencies and allow patients to file Part II violation complaints directly to the Secretary of HHS. The HHS plans to develop guidance and conduct outreach to facilitate compliance with the new rule, with additional changes to the HIPAA rules expected in the future.

Categories
Health Law Highlights

Texas Children’s Hospital Whistleblower Doctor Indicted on Four Counts of Criminal HIPAA Violations

Summary of article from The HIPAA Journal, by Steve Adler:

Dr. Eithan Haim, a surgeon from Texas Children’s Hospital, has been indicted on four counts of violating the Health Insurance Portability and Accountability Act (HIPAA) by the Department of Justice. Dr. Haim allegedly leaked documents proving the hospital continued to provide gender-affirming care to minors, despite public claims to the contrary, following legal threats from Texas Governor Greg Abbott. The leaked documents, shared with reporter Christopher F. Rulo, indicated that treatments, including hormone-related therapies and implanted puberty blockers, were provided throughout 2022 and 2023. Dr. Haim, who admitted to being the whistleblower, is now facing prosecution, though he maintains that all sensitive patient information was redacted from the documents. This case follows a new law passed by the Texas Legislature banning gender-affirming interventions, which Texas Children’s Hospital has since complied with.

Categories
Health Law Highlights

Checking the Pulse: An Approach to Telehealth Privacy and Cybersecurity Due Diligence

Summary of article from Troutman Pepper, by Brent Hoard, Emma Trivax, Erin Whaley:

The rapid expansion of telehealth introduces complex privacy and cybersecurity challenges, impacting financing or acquisition decisions in the health care sector. A strategic pre-diligence review is advised to identify potential risks and regulatory environment, including HIPAA, FTC’s Health Breach Notification Rule, state-specific privacy laws, and international privacy laws. The pre-diligence review should also include an examination of the target’s privacy policy, website, and data practices. This information should then inform a comprehensive due diligence process, including the development of a request list and a framework for organizing diligence issues. Finally, a plan should be put in place to address any identified compliance risks or business issues pre- and post-acquisition.

Categories
Health Law Highlights

Patients Are Bullish on the Benefits of genAI, but Still Have Qualms

Summary of article from Healthcare IT News, by Andrea Fox:

The 2024 Deloitte Center for Health Solutions consumer survey reveals that while U.S. consumers are optimistic about generative artificial intelligence (genAI) in healthcare, their use has dropped slightly due to increased distrust in AI outputs. The report suggests that to overcome this distrust, healthcare organizations should align genAI with the values, expectations, and trust of patients. The survey shows that 66% of respondents believe genAI could reduce wait times and healthcare costs, but 30% do not trust the information provided by these tools. The report recommends that healthcare organizations engage clinicians as change agents, ensure transparency, and enlist community partners to advocate for the technology. Deloitte emphasizes the importance of governance in genAI implementation to ensure effective use, data quality, bias mitigation, and privacy protection.

Categories
Health Law Highlights

American College of Physicians Issues Policy Position Paper on AI use in Health Care

Summary of article from Dermatology Advisor, by Colby Stong:

The American College of Physicians (ACP) has released a policy position paper detailing 10 recommendations for the use of artificial intelligence (AI) and machine learning in healthcare. The ACP emphasizes that AI should complement rather than replace physicians’ decision-making and should adhere to medical ethics principles. It advocates for transparency, privacy, and continuous improvement in AI applications, as well as accountability from AI developers. The ACP also suggests AI tools should reduce clinician burden and that all levels of medical education should include AI training. Lastly, the ACP calls for research into the environmental impact of AI.

Categories
Health Law Highlights

Humana Can Challenge Medicare Clawback Rule

Summary of article from Reuters, by Brendan Pierson:

Humana can proceed with its lawsuit against a Biden administration rule that enables Medicare to reclaim overcharges from insurers. The rule, established in January 2023, permits the government to recoup payments to Medicare Advantage plans when audits reveal charges for diagnoses not present in patients’ medical records. The Biden administration believes this could help recover around $4.7 billion over a decade. Humana argues the rule is “arbitrary and capricious,” with potential unforeseen consequences for Medicare Advantage organizations and beneficiaries. The judge rejected the administration’s request to dismiss the case, stating that the perceived risk of future harm was enough to establish standing.

Categories
Health Law Highlights

HHS Must Take Immediate Action to Improve Cybersecurity at Large Healthcare Organizations

Summary of article from The HIPAA Journal, by Steve Adler:

Senator Ron Wyden has called on the Department of Health and Human Services (HHS) to take immediate action against large healthcare companies to strengthen their cybersecurity practices. He has criticized HHS for its lack of regulation and oversight, particularly in light of recent cyberattacks on major healthcare organizations, such as Change Healthcare and Ascension. Wyden has recommended the development and enforcement of minimum cybersecurity standards for systematically important entities (SIEs), including resilience to cyberattacks and business continuity. He also suggested that the HHS should stress test SIEs and prioritize their audits. Moreover, he has urged HHS to provide technical assistance and guidance to smaller healthcare organizations through the Centers for Medicare & Medicaid Services (CMS)’s Quality Improvement Organizations and Medicare Learning Network programs.

Categories
Health Law Highlights

Avoiding HIPAA Penalties: A Checklist for Covered Entities

Summary of article from Holland & Hart, by Kim Stanger:

The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers, healthcare clearinghouses, and health plans, enforcing rigorous privacy, security, and breach notification rules. Non-compliance can lead to severe civil and criminal penalties, with a tiered penalty structure based on the severity and nature of the violation. While there isn’t an explicit private cause of action for injured individuals under HIPAA, claims can be made under negligence or common law. To ensure compliance, entities should assign HIPAA responsibility, understand use and disclosure rules, implement and maintain written policies, execute appropriate business associate agreements, and stay updated with changes in regulations.

Categories
Health Law Highlights

Texas Nursing Homes Face Continued Staffing Shortages, Low Ratings

Summary of article from Community Impact, by Sarah Hernandez:

In 2022, the median turnover rate for registered nurses and licensed vocational nurses in long-term care facilities exceeded 50%, according to the Texas Center for Nursing Workforce Studies. This increase is attributed to exhaustion after the pandemic, with long-term care proving more demanding than acute hospital settings. Texas received the lowest ranking for nursing home conditions from advocacy group Families for Better Care. In response, new rules from the Centers for Medicare and Medicaid Services aim to improve care quality by mandating minimum staffing requirements. However, the Texas Center for Nursing Workforce Studies and industry professionals suggest this is unrealistic without strategies to improve staff retention and recruitment, such as pay increases and educational partnerships.