Categories
Health Law Highlights

How Generative AI Is Shaping Drug Discovery

Summary of article from Healthcare Brew, by Mikaela Cohen:

Generative AI is revolutionizing drug discovery by significantly reducing the time and cost involved in developing new medicines, a process traditionally taking around a decade and $2.7 billion. Researchers are leveraging AI to identify new drug targets, design molecular structures, and expedite clinical trials, with AI-generated drugs moving from concept to first dose in as little as 1.5 years. However, ensuring high-quality, unbiased data is critical to the success of these AI systems. AI also holds promise in addressing patient recruitment challenges in clinical trials by simulating human genetic makeup and drug interactions. Despite these advancements, regulatory hurdles remain a significant challenge, with the need for health authorities to ensure AI’s efficacy and safety in drug development.

Categories
Health Law Highlights

Texas Judge Upholds Hospitals’ Right to Use Online Tracking Technology

Summary of article from The Record, by Suzanne Smalley:

A Texas federal judge ruled that the Biden administration’s policy to limit hospitals’ use of online tracking technology overstepped its authority. The policy, issued by the HHS in 2022, aimed to protect user privacy by warning that third-party data collection could violate HIPAA. Despite the HHS’s recent revision and warnings about the risks of technologies like Meta/Facebook Pixel and Google Analytics, the judge found that the guidance improperly extended HIPAA’s reach to data from public website searches. This decision followed a lawsuit from the American Hospital Association and other plaintiffs. The ruling underscores the complexity and extensive reach of federal regulations in modern life.

Categories
Health Law Highlights

PHI Compromised in Cyberattacks on South Texas Oncology and Hematology & Highland Health Systems

Summary of article from The HIPAA Journal, by Steve Adler:

South Texas Oncology and Hematology (STOH) in San Antonio, TX, and Highland Health Systems in Anniston, AL, have experienced significant cyberattacks, compromising the personal and protected health information of their patients and employees. STOH’s breach, detected in February 2024, affected 176,303 individuals, exposing names and medical information, while Highland Health Systems’ breach, detected in July 2023, impacted 83,543 individuals, revealing sensitive data such as Social Security numbers and medical information. Both organizations have engaged third-party cybersecurity firms, notified law enforcement, and provided affected individuals with credit monitoring services. STOH and Highland Health Systems have also enhanced their security measures, including updating security tools and implementing new protections. No evidence of misuse of the compromised data has been found to date.

Categories
Health Law Highlights

Texas Medical Center Institutions Agree to Pay $15M Record Settlement Involving Concurrent Billing Claims for Critical Surgeries

Summary of article from U.S. Attorney’s Office, Southern District of Texas:

Baylor St. Luke’s Medical Center, Baylor College of Medicine, and Surgical Associates of Texas have agreed to a $15 million settlement to resolve allegations of improper concurrent billing for heart surgeries, violating Medicare regulations and informed consent rules. The investigation, initiated by a whistleblower complaint in 2019, revealed that surgeons Dr. Joseph Coselli, Dr. Joseph Lamelas, and Dr. David Ott allegedly ran multiple operating rooms simultaneously, improperly delegating critical tasks to unqualified residents and falsifying records. This practice, which occurred from June 2013 to December 2020, compromised patient safety and violated Medicare’s requirements for surgeon presence. The settlement, the largest of its kind, underscores the importance of adherence to medical regulations and accountability in healthcare. The whistleblower will receive over $3 million from the settlement.

Categories
Health Law Highlights

Feds Announce Final Penalties for Information Blocking. Hospitals and Medical Groups Aren’t Happy

Summary of article from Chief Healthcare Executive, by Ron Southwick:

The U.S. Department of Health & Human Services has finalized rules to prevent information blocking, imposing significant financial penalties on hospitals, clinicians, and medical groups that fail to share health information freely. Hospitals could face reductions in federal aid and substantial financial disincentives, while clinicians and medical groups could see reduced reimbursements and other penalties. The American Hospital Association and the Medical Group Management Association have criticized the penalties as excessive and punitive, urging for more collaborative approaches. The rule also affects Accountable Care Organizations by barring violators from participating in the Medicare Shared Savings Program for at least a year. These measures will take effect 30 days after the rule’s publication.

Categories
Health Law Highlights

Texas Medical Board Adopts Abortion Guidance

Summary of article from The Texas Tribune, by Eleanor Klibanoff:

The Texas Medical Board has adopted new guidelines for interpreting the state’s abortion laws, aimed at clarifying the conditions under which doctors can perform abortions without risking their medical licenses. The guidance reduces some documentation requirements but stops short of providing a comprehensive list of legal abortion scenarios, citing the uniqueness of each medical case. Despite revisions, concerns remain about the clarity and sufficiency of the guidance, particularly in light of recent Texas Supreme Court rulings. The board emphasized that while it aims to protect the doctor-patient relationship, it cannot fully eliminate doctors’ fears of prosecution. The rules are open to future adjustments based on evolving circumstances.

Categories
Health Law Highlights

Court Strikes Down HHS “Guidance” Regarding Online Tracking Technologies and HIPAA: Implications for Healthcare Providers

Summary of article from Health Law Attorney Blog:

In a recent decision, the United States District Court for the Northern District of Texas partially granted summary judgment to the plaintiffs, striking down the HHS rule that expanded the definition of “Individually Identifiable Health Information” (IIHI) to include the combination of an individual’s IP address and their visits to healthcare providers’ websites. The Court ruled that HHS exceeded its statutory authority under HIPAA and imposed new legal obligations without proper rulemaking procedures. This decision relieves healthcare providers from the significant compliance burdens associated with the now-invalidated rule. Providers should review their use of tracking technologies to ensure compliance with the ruling and stay informed about any new guidance from HHS. This case underscores the necessity for clear, consistent regulatory guidance aligned with statutory definitions and procedural norms.

Categories
Health Law Highlights

The Role of Nursing Education in Ensuring HIPAA Compliance

Summary of article from The HIPAA Journal, by Dr. Randolf F. R. Rasch:

The escalating issue of HIPAA violations by nurses poses significant legal and financial risks for healthcare institutions. Despite mandatory annual training, many nurses are inadequately prepared for compliance due to gaps in both initial and ongoing education. A 2023 survey underscores these deficiencies, revealing that only 24% of healthcare organizations provide annual HIPAA training and fewer than 3% offer this crucial training solely during employee orientation. This lack of comprehensive and continuous education leaves nurses vulnerable to breaches in patient privacy and electronic health information integrity. Addressing these gaps through enhanced training and vigilant surveillance is essential for protecting both patient data and the institutions that employ healthcare professionals.

Categories
Health Law Highlights

OCR Increases Focus on Phishing Attacks Against Healthcare Providers

Summary of article from Morgan Lewis, by Amy M. Magnano, Michael J. Madderra:

In response to a significant rise in phishing attacks, the US Department of Health and Human Services’ Office for Civil Rights (OCR) is emphasizing the importance of regular risk assessments and best practices to protect sensitive data. The OCR’s first phishing cyberattack settlement involved the Lafourche Medical Group, which failed to implement necessary safeguards, resulting in a breach that compromised the data of nearly 35,000 individuals. The OCR’s resolution included a $480,000 fine and a two-year monitoring period for Lafourche. Future phishing attacks are anticipated to become more sophisticated due to advancements in AI, further emphasizing the need for regular security policy updates and employee education.

Categories
Health Law Highlights

Hacking the Hippocratic Oath: Four Ways to Shield Patients from Ransomware Attacks

Summary of article from MedCity News, by Mohammad Wagas:

The healthcare industry is under increasing threat from cyberattacks, highlighting an immediate need for stronger security measures. To address this, four key strategies are recommended: enhancing analysis of security risks, fostering a cybersecurity culture among all staff, segmenting networks to limit potential damage, and ensuring robust external surface defense. Comprehensive risk analysis tools and consistent cybersecurity education for staff are imperative. Implementing a Zero Trust architecture and conducting regular security audits of third-party vendors are also key. These initiatives align with medical ethics and ensure patient safety and their trust in technology.