Categories
Health Law Highlights

HIPAA Privacy Final Rule: Landmark Changes Related to Reproductive Health Care Information

Summary of article from Polsinelli, by Hiba AI-Ramahi, Iliana Peters, Rebecca Frigy Romine:

The U.S. Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) issued a “Final Rule” providing special protections and obligations related to Protected Health Information (PHI) about reproductive health care. The Rule applies to all HIPAA regulated entities and covers a broad range of reproductive health care services. It prohibits the use or disclosure of PHI for the purpose of conducting a criminal, civil, or administrative investigation into or imposing liability on any person for seeking, obtaining, providing, or facilitating reproductive health care. Regulated entities must obtain a signed, written attestation from the person or entity requesting the PHI that the intended use or disclosure of the requested PHI is not for one of the prohibited purposes. This Rule is effective on June 25, 2024, with regulated entities given 180 days for compliance and until February 16, 2026 for Notice of Privacy Practices (NPP) modification compliance.

Categories
Health Law Highlights

Better Call Your Privacy Attorney: 3 New State Privacy Laws Begin July 1, 2024

Summary of article from Dickenson Wright, by Sara Jodka:

On July 1, 2024, Florida, Oregon, and Texas will join other states in implementing privacy laws to govern the collection, use, and transfer of consumer personal data, with Montana following on October 1, 2024. These laws will impose requirements on businesses collecting personal data, and although existing privacy programs may not need significant changes, new businesses will need to update their privacy policies and processes. The laws vary between states, with Texas having the broadest application and Florida the narrowest, and they encompass different definitions of personal data and sensitive data. Covered entities will need to provide clear privacy notices, limit data collection, obtain consumer consent for processing sensitive data, implement safeguards, and conduct data protection assessments among other requirements. Beyond 2024, more states including Delaware, Iowa, Nebraska, New Hampshire, New Jersey, and Tennessee will implement similar laws in 2025, with Indiana and Kentucky following in 2026.

Categories
Health Law Highlights

The Future of Technology in Health Care

Summary of article from The Regulatory Review, by Alyson Diaz, Julia Englebert, and Carson Turner:

The use of technology in healthcare, particularly AI and telemedicine, is increasing, but many Americans are uncomfortable with AI’s role in diagnosis and treatment due to potential biases and errors. While AI can improve care quality and accessibility, especially for underserved communities, it also presents risks such as algorithmic bias and overreliance. Current regulations, including the FDA’s 510(k) review, inadequately address these concerns and often allow AI-enabled devices to be approved without sufficient safety and accuracy checks. Scholars suggest various regulatory improvements, including educating patients about algorithmic bias, continuous assessment of AI technologies, and lowering barriers for community organizations to provide telehealth services. Concerns also extend to the influence of direct-to-consumer pharmaceutical companies on social media, and the need for stricter regulation of telehealth providers to prevent inadequate treatment and excessive drug prescriptions.

Categories
Health Law Highlights

FTC Finalizes Expansion of Health Breach Notification Rule’s Broad Applicability to Unauthorized App Disclosures

Summary of article from Davis Wright Tremaine, by Adam H. Greene, Apurva Dharia:

The Federal Trade Commission (FTC) has finalized changes to the Health Breach Notification Rule (HBNR), expanding its scope to include virtually all health and wellness apps. The revised rule requires vendors of personal health records (PHRs) and related entities to notify individuals, the FTC, and, in some cases, the media of any unauthorized disclosure of identifiable health data. The updated rule also includes a broader definition of “health care services or supplies” and “breach of security,” and clarifies the role and responsibilities of PHR related entities. The FTC has also modernized the method of notice, expanded the content of the notice, and revised the timing of notice to the FTC. The changes signal the FTC’s increased prioritization of protecting consumers’ sensitive health information.

Categories
Health Law Highlights

Importance of Negotiating Maintenance, Repair and Replacement Obligations in Health Care Leases

Summary of article from Epstein Becker Green, by Allison S. Zangrilli, Zlata Fayer:

Tenants are often held responsible for the repair and maintenance of mechanical systems in leased premises, which can lead to significant costs. To mitigate this, tenants should inspect these systems before signing the lease and negotiate a warranty period with the landlord for any necessary repairs or replacements. Additionally, tenants should negotiate for the installation of any additional systems they require during the letter of intent phase. A carve-out for latent defects should be included in the lease, and tenants should negotiate to ensure costs for maintaining structural components are not passed onto them. Detailed negotiation of maintenance, repair, and replacement obligations is crucial to protect tenants and should be outlined in a letter of intent to clarify expectations and streamline the negotiation process.

Categories
Health Law Highlights

The Intersection of Artificial Intelligence and Utilization Review

Summary of article from Sheppard Mullin Richter & Hampton LLP, by Lynsey Mitchel:

California’s SB 1120 bill aims to regulate the use of artificial intelligence (AI) in managed care, requiring AI tools to be fair, non-discriminatory, and based on a patient’s medical history and individual circumstances. The bill aligns with the Centers for Medicare and Medicaid Services (CMS) rules, which allow the use of AI in coverage determinations as long as the AI complies with all applicable rules and does not solely dictate decisions. Other states like Georgia, New York, Oklahoma, and Pennsylvania have similar bills, focusing on regulator review and disclosure of AI use. Various states have also adopted the National Association of Insurance Commissioners’ guidelines to mitigate the risk of adverse outcomes from AI use. Payors are urged to monitor their AI tools closely to reduce the risk of legal issues arising from improper service denials.

Categories
Health Law Highlights

Cloud-Based AI Services Could Help Fight Health Misinformation

Summary of article from Healthcare IT News, by Andrea Fox:

Several major universities are developing a platform named Project Heal to combat healthcare and public health misinformation. The platform will use machine learning, generative AI, and predictive analytics to identify and counteract misinformation before it spreads. The system also accounts for cultural, historical, and linguistic nuances to generate personalized messages for targeted communities.

Categories
Health Law Highlights

Tame The Private Equity Beast By Shifting Its Focus To Value-Based Care

Summary of article from Health Affairs, by Ken Terry:

The influence of private equity (PE) firms on the healthcare industry has lead to several concerns, including reduced quality of patient care, increased expenses, and potential economic instability. However, PE firms could also play a constructive role in healthcare reform if their investments were directed towards helping entities transition to value-based care (VBC). Tax incentives could motivate PE investments in VBC-oriented entities (VOEs). Policy changes, such as extending holding periods for health assets, creating escrow accounts for failed strategies, and establishing joint liability between PE firms and their owned companies, could motivate PE firms to focus on primary care and reduce healthcare waste.

Categories
Health Law Highlights

Honest Services Fraud: A World Beyond the Anti-Kickback Statute

Summary of article from Dorsey & Whitney LLP, by Nicole Engisch, Seth Goertz, Sarah Malham, Mara Sanders:

The Department of Justice (DOJ) is increasingly using Honest Services Fraud (18 U.S.C. § 1346) to prosecute bribery, kickbacks, and other improper payments in the healthcare industry, in addition to traditional mechanisms like the Anti-Kickback Statute and the Federal False Claims Act. The honest services fraud law is especially useful as it covers areas not reached by the Anti-Kickback Statute, which is limited to federally funded healthcare programs. Recent court cases have upheld convictions based on honest services fraud, indicating its growing relevance in combating healthcare fraud. Therefore, it is crucial for healthcare practitioners and administrators to carefully review payment arrangements and financial interests that intersect with patient service delivery, ensuring full disclosure of relevant financial interests.

Categories
Health Law Highlights

Is Your Compliance House In Order? Tips for Ensuring Private Equity and Portfolio Company Compliance

Summary of article from Bass, Berry & Sims PLC, by Angela Humphreys, Jennifer Michael:

The recent Request for Information by federal agencies highlights the need for private equity (PE) firms to have robust compliance programs for their healthcare sector investments. Such programs should align with the Office of Inspector General’s General Compliance Program Guidance, and include written policies, procedures, risk analyses, and audits. PE firms need to understand their role and risk profile in the portfolio company’s structure, including their involvement in executive hiring, business program implementation, and potential antitrust issues. Equity incentive awards should comply with both the Stark Law and the federal Anti-Kickback Statute. Lastly, PE firms should ensure attorney-client privilege is maintained in their interactions with both the portfolio company and outside counsel.