Author: WadeEmmert

Jacqueline LaPointe, for RevCycle Intelligence:

As of 2019, private equity entities accounted for 65 percent of physician practice acquisitions, representing the vast majority of physician deals, according to data from the American Hospital Association (AHA). …

Researchers from several universities, including the University of Chicago and Columbia University, found that private equity acquisitions in every studied healthcare setting have increased in prevalence, and those investments were most closely associated with up to a 32 percent increase in costs for payers and patients.

Private equity ownership of medical settings was also associated with mixed to harmful effects on care quality. …

Research has linked price hikes to consolidation in healthcare, and when the topic of healthcare mergers and acquisitions comes up lately, private equity is on the tip of everyone’s tongue.

For mobile devices used by your providers and staff (your mobile endpoints), Michael Goad, for TechTarget, suggests:

1. Ensure devices and data are secure and encrypted … Encrypting mobile data prevents unauthorized access and protects patient information. [Use] strong encryption protocols for … Data transmission and storage … Regularly monitoring systems for potential security issues, OS patching and updates.
Enhanced security and networking policies and tools to prevent malicious attacks.

2. Implement strong authentication controls …  so unauthorized users cannot access confidential data.

3. Establish clear device usage policies …  Provide specifics, such as who can access these devices, how often users must update them and which apps users can install on them.

4. Conduct regular security audits … to ensure that all devices used by staff comply with regulations and relevant policies. A formalized response plan for dealing with potential data breaches is vital as well.

5. Carefully manage applications … ensure that application data is digitally sandboxed to control how data can be accessed, viewed and shared.

While this blog is focused on Texas and federal law, many of our clients offer telehealth or Internet-centric services which implicate the laws of other states.

Andrew J. Demetriou, for HuschBlackwell, discusses new California regulations that “contemplate a dramatic expansion of state review of transactions affecting health care services.”

When approved, final regulations would be effective January 1, 2024. …

The regulations have been proposed pursuant to California Health & Safety Code §§ 125507-125507.6, part of an omnibus health care law enacted in 2022 which created OHCA [California Office of Health Care Affordability] and gave it broad authority to set and enforce heath care cost targets for the State.  The law requires that OHCA receive 90 days’ advance notice of transactions intended to close on or after April 1, 2024, that affect health care services in California. OHCA is required within the notice period to decide whether to conduct a cost and market impact review (“CMIR”) to determine whether a proposed transaction will reflect a market failure, increase market power of a party or create a risk of significant impact on market competition, the State’s ability to meet cost targets or costs for health care purchasers or consumers. Any transaction subject to the notice requirements may not be closed until OHCA has determined not to conduct a CMIR or, alternatively, has completed a CMIR evaluating the transaction.

Rebecca Boone, for AP News:

Data shows American health care workers now suffer more nonfatal injuries from workplace violence than workers in any other profession, including law enforcement. …

It’s not just deadly shootings: Health care workers racked up 73% of all nonfatal workplace violence injuries in 2018, the most recent year for which figures are available, according to the U.S. Bureau of Labor Statistics. …

Around 40 states have passed laws creating or increasing penalties for violence against health care workers, according to the American Nurses Association. Hospitals have armed security officers with batons, stun guns or handguns, while some states, including Indiana, Ohio and Georgia, allow hospitals to create their own police forces.

From Physician’s Weekly:

The HIPAA Privacy Rule doesn’t specify provisions for protecting PHI data entered in AI technologies. What the rule does stipulate is that healthcare entities are not obligated to get patient consent for interoperability and electronic exchange of PHI. Certain states or entities, however, adopted bills, policies, regulations, or statutes requiring opt-in or opt-out consent from patients. The George Washington University Milken Institute School of Public Health pulled together a list of those states and entities, but its last update was in 2016.

A report from VMG Health by Anthony Domanico, CVA, and Ben Minnis discussing the growing trend of introducing empanelment metrics into compensation formulas:

Empanelment can take on many forms in the compensation system, but all metrics center around the size of a particular primary care provider’s (PCP’s) patient panel (i.e., panel size and/or acuity-adjusted panel size), and how well (e.g., quality, patient experience) and how efficiently (e.g., shared savings, reduction of unnecessary procedures, etc.) a particular PCP take cares for those patients in his or her charge.

Kirk J. Nahra, Ali A. Jessani, and Samuel Kane, for WilmerHale:

In the past several weeks, the FTC has taken two additional actions that further signal its emergence as a leading regulatory force for health data. First, on July 20, the Commission issued a joint letter with the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) pertaining to the use of online tracking technologies by hospitals and telehealth providers. Second, on July 25, the Commission published a blog post highlighting key takeaways from its recent health data enforcement actions. Taken together, these actions indicate that the FTC’s recent interest in health privacy enforcement is no fluke — rather, companies should expect the FTC to remain an active regulator in this space for the foreseeable future.  Accordingly, companies that handle health data (as broadly defined by the FTC) — particularly those outside of the scope of HIPAA — should ensure that their health data privacy and security programs are robust.

Erica Pauda, for KXAN:

The Office of the Attorney General filed an appeal Saturday to the Texas Supreme Court after a Texas judge issued a temporary injunction over exceptions to state abortion laws, according to a news release from the OAG’s office.

The ruling clears things up for doctors on when they can provide abortions. Those cases include medical conditions that pose a risk of infection or unsafe pregnancy that could pose a risk to the mother’s health, medical conditions that are exacerbated by pregnancy and fetal conditions where the fetus is unlikely to survive.

Will Maddox, for D Magazine:

HB 1998 bars physicians who have committed moral terpitude felonies and misdemeanors from practicing in Texas and requires the Texas Medical Board to have closer oversight of physicians.

This year’s legislative session scored significant victories for patient safety advocates. Until this year, it was possible for out-of-state physicians who have been convicted of felonies or misdemeanors related to moral turpitude to be able to come to Texas and continue to practice. Before HB 1998 was signed into law in 2023, a physician from other states could come to practice in Texas even if their license was revoked, restricted, or suspended in another state.

From ScienceBlog:

Physicians are using ChatGPT for many things, mainly to consolidate notes. There has been a lot of focus on using AI to quickly find answers to clinical questions, but a lot of practical interest among physicians has also been in summarizing visits or writing correspondence that everybody has to do, but nobody wants to do. A lot of that content has protected health information in it.

When physicians meet with their patients, they want to be fully engaged instead of taking notes. They may take brief notes but then have to elaborate on them for the medical record later. It’s much easier and better than the patient-physician interaction to have the physician focus on the patient and have the encounter be recorded and transcribed. Then the transcription could go into the Chat GPT window, which reorganizes it and summarizes it.

…

The protected health information is no longer internal to the health system. Once you enter something into ChatGPT, it is on OpenAI servers and they are not HIPAA compliant. That’s the real issue, and that is, technically, a data breach.