HHS Releases Updates to HIPAA Rules

Today HHS released the long-awaited modifications to the HIPAA privacy, security, enforcement and breach notification rules.  A full copy of the rule can be found here.

In a related press release HHS described the impact of the rule as follows:

“The changes in the final rule making provide the public with increased protection and control of personal health information.  The HIPAA Privacy and Security Rules have focused on health care providers, health plans and other entities that process health insurance claims.  The changes announced today expand many of the requirements to business associates of these entities that receive protected health information, such as contractors and subcontractors. Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation. The changes also strengthen the Health Information Technology for Economic and Clinical Health (HITECH) Breach Notification requirements by clarifying when breaches of unsecured heath information must be reported to HHS.”

If you have questions related to the new HIPAA rules please contact Dave Schoolcraft or Elana Zana.

 

OIG Approves Electronic Interface Arrangement

In a recent advisory opinion, the Office of Inspector General DHHS (“OIG”) approved an arrangement under which free access to an electronic computer interface is provided by a hospital to local physicians.  The opinion provides an important contemporary analog to earlier guidance published by the OIG as part of the preamble to the Federal anti-kickback statute safe harbor regulations (see 56 Fed. Reg. 35952, 35978, July 29, 1991).   At the same time, the OIG reinforced its long-standing position that in order for such arrangements to pass muster under the Federal anti-kickback statute, the parties must validate that the technology is limited to facilitating hospital-physician communications, and that it will not have independent value to the physicians. 

Please contact David Schoolcraft  (dschoolcraft@omwlaw.com or 206.447.7000) you have any questions about the scope and applicability of this OIG advisory opinion.

Health Data Privacy Protections to Increase

As we wait for the HITECH Act updates to HIPAA to be finalized, yet another article signals the administration’s intent to strengthen privacy protections for health data– http://www.nytimes.com/2011/05/31/business/31privacy.html

Impact of “Big Data” in Health Care

A Recent report from McKinsey & Company on the evolution of information technology focuses on health care as a sector to watch: “For instance, if US health care could use big data creatively and effectively to drive efficiency and quality, we estimate that the potential value from data in the sector could be more than $300 billion in value every year, two-thirds of which would be in the form of reducing national health care expenditures by about 8 percent.” Full report at http://www.mckinsey.com/mgi/publications/big_data/index.asp