On April 12, 2022, CMS issued new guidance for the independent dispute resolution (“IDR”) process under the No Surprise Billing Rules (“Rules”) in response to a U.S. District Court for the Eastern District of Texas judge...more
Idaho has enacted limited changes to the Idaho Patient Act (IPA) that make it somewhat easier for healthcare providers and facilities to jump through the IPA hoops before pursuing collection actions against patients. A copy...more
As part of Governor Little’s initiative to reduce nonessential regulations, Idaho licensing boards (including the Idaho Board of Medicine) have withdrawn their rules implementing the Idaho Telehealth Access Act for healthcare...more
In the latest twist in the OSHA Vax-or-Test saga, the Sixth Circuit terminated the nationwide injunction of the Emergency Temporary Standard (ETS), clearing the way for OSHA to begin enforcing the Vax-or-Test ETS. OSHA...more
Many providers make the No Surprise Billing Rules more complicated and expansive than they are. This short guide is intended to help providers understand, implement, and monitor compliance with the new rules.
UNDERSTANDING...more
In light of the CMS Interim Final Rule (“Interim Rule”) published on November 5, 2021, qualifying healthcare facilities have been tasked with implementing policies and procedures that ensure their staff are fully vaccinated...more
11/18/2021
/ Centers for Medicare & Medicaid Services (CMS) ,
Coronavirus/COVID-19 ,
Employer Liability Issues ,
Employer Mandates ,
Health and Safety ,
Health Care Providers ,
Healthcare Facilities ,
Healthcare Workers ,
Interim Final Rules (IFR) ,
Popular ,
Religious Exemption ,
Vaccinations ,
Workplace Safety
Under the Centers for Medicare & Medicaid Services (CMS)’s new vaccine mandate for healthcare workers, facilities must draft and implement policies and procedures by December 6, 2021 to ensure covered personnel are fully...more
11/8/2021
/ Americans with Disabilities Act (ADA) ,
Centers for Disease Control and Prevention (CDC) ,
Centers for Medicare & Medicaid Services (CMS) ,
Civil Rights Act ,
Coronavirus/COVID-19 ,
EEO ,
Enforcement ,
Equal Employment Opportunity Commission (EEOC) ,
GINA ,
Health Care Providers ,
Healthcare ,
OSHA ,
Reasonable Accommodation ,
Religious Exemption ,
Title VII ,
Vaccinations ,
Workplace Safety
Given the COVID-19 vaccine mandates, employers—including healthcare entities—will need to confirm their employees’ vaccination status. Employers and healthcare providers must ensure they comply with privacy rules relating to...more
9/24/2021
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Disclosure Requirements ,
Employer Mandates ,
Equal Employment Opportunity Commission (EEOC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Vaccinations ,
Virus Testing
The HIPAA privacy and security rules impose significant requirements on covered entities and their business associates; violations may result in penalties ranging from $119 to $59,522 per violation. (45 CFR § 160.404; 45 CFR...more
The OCR has announced a surprising number of HIPAA settlements in the past few months with penalties ranging from $10,000 to $6.5 million. Here are some of the key takeaways for healthcare providers:
1. Protect against...more
10/27/2020
/ Centers for Medicare & Medicaid Services (CMS) ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personal Information ,
Phishing Scams ,
Settlement
Telehealth expanded dramatically in response to the COVID pandemic. Now that providers, patients, payers and public officials have seen the benefits, it is almost certain that telehealth will continue to play an increasingly...more
9/1/2020
/ Coronavirus/COVID-19 ,
Disclosure Requirements ,
Health Care Providers ,
Informed Consent ,
Medical Records ,
Physician Assistants ,
Physicians ,
Prescription Drugs ,
Standard of Care ,
Telehealth ,
Verification Requirements ,
Waivers
Healthcare providers focusing on COVID-19 may have missed the final Interoperability and Information Blocking Rule that was published May 1, 2020 and takes effect November 3, 2020. (45 C.F.R. Part 171). The Rule implements...more
8/27/2020
/ 21st Century Cures Act ,
Coronavirus/COVID-19 ,
Data Collection ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Violations ,
Information Blocking Rules ,
OIG
In our prior alert, we discussed the Idaho Patient Act and its impact on medical debt collection after January 1, 2021. Idaho healthcare providers should also be aware of several other new state laws that take effect July 1,...more
Healthcare providers who received or receive payments from the CARES Act Provider Relief Fund (“PRF”) may only use the payment for permissible purposes, must document and report the proper use, and return any excess funds to...more
HHS has updated the Terms and Conditions and websites for two key portions of its Provider Relief Fund programs.
1. Provider Relief Funds. Over the weekend, HHS updated the Terms and Conditions and posted FAQs concerning...more
On April 22, 2020, HHS announced specifics concerning the next round of the $100 billion Provider Relief Fund payments, some of which should reach provider bank accounts today....more
Beginning April 10, 2020, HHS began issuing payments to providers eligible to receive a portion of the $30 billion reserved for the Provider Relief Fund. There have been two important developments this week...more
On March 30, 2020, CMS issued numerous additional blanket waivers to give providers greater flexibility in responding to COVID-19. (See https://www.cms.gov/files/document/summary-covid-19-emergency-declaration-waivers.pdf)....more
4/1/2020
/ 1135 Waivers ,
Centers for Medicare & Medicaid Services (CMS) ,
Children's Health Insurance Program (CHIP) ,
Coronavirus/COVID-19 ,
Determination of Need (DoN) ,
EMTALA ,
Fee-for-Service ,
Health Care Providers ,
Hospitals ,
Medicaid ,
Nurses ,
Nursing Homes ,
Pharmacies ,
Prior Authorization ,
Relief Measures ,
Skilled Nursing Facility ,
State and Local Government ,
Waivers
Although often well-intentioned, offering free or discounted items or services to patients (e.g., gifts, rewards, writing off copays, free screening exams, free supplies, etc.) may violate federal and state laws governing...more
In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”) for their own, non-patient...more
2/20/2020
/ Business Associates ,
Business Associates Agreement (BAA) ,
Consent ,
Consumer Privacy Rights ,
Covered Entities ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Data Use Policies ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Information Sharing ,
Medical Records ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Policy
Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more
2/10/2020
/ Business Associates ,
Covered Entities ,
Data Protection ,
Data Transfers ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Omnibus Rule ,
HITECH Act ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
PHI ,
Records Request ,
Right of Access
The HIPAA privacy rules give special protection to “psychotherapy notes,” but providers often misunderstand what are and are not covered and how they differ from other mental health records.
I. “Psychotherapy Notes”...more
1/29/2020
/ Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Privacy Rule ,
Medical Records ,
Mental Health ,
NPRM ,
OCR ,
Professional Disciplinary Actions
Healthcare providers sometimes mistakenly assume that they cannot contact a patient’s spouse, parents, or other third parties to obtain payment without the patient’s consent. However, HIPAA generally allows healthcare...more
Business associates may want to use a covered entity’s protected health information (“PHI”) for the business associates’ own purposes, e.g., for their own product development, data aggregation, marketing, etc. However, with...more
9/6/2019
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI
Question: May I share records with another healthcare provider without the patient’s authorization?
Answer: It depends on the purpose. If the disclosure is for purposes of the patient’s treatment, including continuation of...more