Author: WadeEmmert

While this blog is focused on Texas and federal law, many of our clients offer telehealth or Internet-centric services which implicate the laws of other states.

Andrew J. Demetriou, for HuschBlackwell, discusses new California regulations that “contemplate a dramatic expansion of state review of transactions affecting health care services.”

When approved, final regulations would be effective January 1, 2024. …

The regulations have been proposed pursuant to California Health & Safety Code §§ 125507-125507.6, part of an omnibus health care law enacted in 2022 which created OHCA [California Office of Health Care Affordability] and gave it broad authority to set and enforce heath care cost targets for the State.  The law requires that OHCA receive 90 days’ advance notice of transactions intended to close on or after April 1, 2024, that affect health care services in California. OHCA is required within the notice period to decide whether to conduct a cost and market impact review (“CMIR”) to determine whether a proposed transaction will reflect a market failure, increase market power of a party or create a risk of significant impact on market competition, the State’s ability to meet cost targets or costs for health care purchasers or consumers. Any transaction subject to the notice requirements may not be closed until OHCA has determined not to conduct a CMIR or, alternatively, has completed a CMIR evaluating the transaction.

Rebecca Boone, for AP News:

Data shows American health care workers now suffer more nonfatal injuries from workplace violence than workers in any other profession, including law enforcement. …

It’s not just deadly shootings: Health care workers racked up 73% of all nonfatal workplace violence injuries in 2018, the most recent year for which figures are available, according to the U.S. Bureau of Labor Statistics. …

Around 40 states have passed laws creating or increasing penalties for violence against health care workers, according to the American Nurses Association. Hospitals have armed security officers with batons, stun guns or handguns, while some states, including Indiana, Ohio and Georgia, allow hospitals to create their own police forces.

From Physician’s Weekly:

The HIPAA Privacy Rule doesn’t specify provisions for protecting PHI data entered in AI technologies. What the rule does stipulate is that healthcare entities are not obligated to get patient consent for interoperability and electronic exchange of PHI. Certain states or entities, however, adopted bills, policies, regulations, or statutes requiring opt-in or opt-out consent from patients. The George Washington University Milken Institute School of Public Health pulled together a list of those states and entities, but its last update was in 2016.

A report from VMG Health by Anthony Domanico, CVA, and Ben Minnis discussing the growing trend of introducing empanelment metrics into compensation formulas:

Empanelment can take on many forms in the compensation system, but all metrics center around the size of a particular primary care provider’s (PCP’s) patient panel (i.e., panel size and/or acuity-adjusted panel size), and how well (e.g., quality, patient experience) and how efficiently (e.g., shared savings, reduction of unnecessary procedures, etc.) a particular PCP take cares for those patients in his or her charge.

Kirk J. Nahra, Ali A. Jessani, and Samuel Kane, for WilmerHale:

In the past several weeks, the FTC has taken two additional actions that further signal its emergence as a leading regulatory force for health data. First, on July 20, the Commission issued a joint letter with the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) pertaining to the use of online tracking technologies by hospitals and telehealth providers. Second, on July 25, the Commission published a blog post highlighting key takeaways from its recent health data enforcement actions. Taken together, these actions indicate that the FTC’s recent interest in health privacy enforcement is no fluke — rather, companies should expect the FTC to remain an active regulator in this space for the foreseeable future.  Accordingly, companies that handle health data (as broadly defined by the FTC) — particularly those outside of the scope of HIPAA — should ensure that their health data privacy and security programs are robust.

Erica Pauda, for KXAN:

The Office of the Attorney General filed an appeal Saturday to the Texas Supreme Court after a Texas judge issued a temporary injunction over exceptions to state abortion laws, according to a news release from the OAG’s office.

The ruling clears things up for doctors on when they can provide abortions. Those cases include medical conditions that pose a risk of infection or unsafe pregnancy that could pose a risk to the mother’s health, medical conditions that are exacerbated by pregnancy and fetal conditions where the fetus is unlikely to survive.

Will Maddox, for D Magazine:

HB 1998 bars physicians who have committed moral terpitude felonies and misdemeanors from practicing in Texas and requires the Texas Medical Board to have closer oversight of physicians.

This year’s legislative session scored significant victories for patient safety advocates. Until this year, it was possible for out-of-state physicians who have been convicted of felonies or misdemeanors related to moral turpitude to be able to come to Texas and continue to practice. Before HB 1998 was signed into law in 2023, a physician from other states could come to practice in Texas even if their license was revoked, restricted, or suspended in another state.

From ScienceBlog:

Physicians are using ChatGPT for many things, mainly to consolidate notes. There has been a lot of focus on using AI to quickly find answers to clinical questions, but a lot of practical interest among physicians has also been in summarizing visits or writing correspondence that everybody has to do, but nobody wants to do. A lot of that content has protected health information in it.

When physicians meet with their patients, they want to be fully engaged instead of taking notes. They may take brief notes but then have to elaborate on them for the medical record later. It’s much easier and better than the patient-physician interaction to have the physician focus on the patient and have the encounter be recorded and transcribed. Then the transcription could go into the Chat GPT window, which reorganizes it and summarizes it.

…

The protected health information is no longer internal to the health system. Once you enter something into ChatGPT, it is on OpenAI servers and they are not HIPAA compliant. That’s the real issue, and that is, technically, a data breach.

Press Release, Texas Attorney General:

Kenric Wakeen Griffin, co-owner of New Horizons Durable Medical Equipment based in Frisco, TX, was sentenced to 49 months of federal incarceration to be followed by a year of supervised release for his role in a medical equipment fraud scheme. In addition, Griffin was ordered to pay $5,114,016.19 in restitution to government health care programs. A jury convicted Griffin of conspiracy to defraud the United States and to pay and receive healthcare kickbacks, as well as seven counts of payment and receipt of kickbacks.

Griffin obtained patients by offering and paying kickbacks to marketers as well as disguising illegal payments as marketing services and outsourced business services. Griffin then submitted false claims to both Medicaid and Medicare for orthopedic equipment that was never provided, not medically necessary, and not authorized by a physician.

Steve Adler, for The HIPAA Journal:

The Biden Administration has unveiled its National Cyber Workforce and Education Strategy (NCWES) which seeks to address the current cyber workforce shortages and prepare the country for a cyber future.

The NCWES was developed by the Office of the National Cyber Director in collaboration with 34 agencies, departments, and EOP components and lays out a comprehensive approach for addressing immediate and long-term cyber workforce needs while ensuring all Americans have the cybersecurity skills they need to participate in the digital ecosystem.

The aim of the strategy is to empower all Americans looking to participate in the digital ecosystem, including communities that are currently underrepresented in the cyber workforce, and to promote and develop pathways for well-paying and fulfilling cyber careers. Under the strategy, the Biden Administration and its partners will leverage adaptable ecosystems to effect change at scale, enable the lifelong development of cyber skills, and grow and enhance the cyber workforce through diversity and inclusion.

The National Cyber Workforce and Education Strategy [PDF]