I’m pleased to be presenting at a seminar on Medical Records law together with my colleague, Phil Miles, on January 31, 2013 in Altoona, Pennsylvania. The law and regulations governing use, disclosure, storage, and security of medical records has significantly evolved over the past two years. I will be presenting updates regarding the HIPAA and HITECH Acts. Phil will be addressing Employers, Employees, and Medical Record Requests.
The complete agenda and registration are available here. We hope you can join us.
We previously wrote about an amendment to the Pennsylvania Health Care Facilities Act that imposed specific photo identification requirements. Although the Act was specific, it left much of the implementation state Department of Health (DOH).
On December 10, 2011, the DOH published interim regulations that implement the photo identification requirements. The regulations have limited application because the photo id requirements are staggered in implementation. The interim regulations, therefore, only apply to 1) individuals who provide direct patient or consumer care outside of a health care facility or employment agency, or 2) employees of a private practice physician.
Until June 1, 2015, the photo id requirements do not apply to individuals who provide direct care at a health care facility. However, the interim photo identification regulations for those who provide care outside of a health care facility were effective as of December 10, 2011, when the regulations were published in the Pennsylvania Bulletin.
The Department of Health and Human Services (HHS), on September 14, 2011, announced proposed changes to regulations that implement the Clinical Laboratory Improvement Amendments (CLIA) and the Health Insurance Portability and Accountability Act (HIPAA). These proposed changes would broaden patient access to laboratory test reports and preempt current Pennsylvania law on this topic.
On September 7, 2011, the Office for Human Research Protections (OHRP) and the Food and Drug Administration (FDA) announced draft guidance on exculpatory language in informed consent for human subject research. The current regulatory guidance on this point was issued in November 1996. This newly issued draft guidance will ultimately supersede the 1996 guidance on what constitutes exculpatory language that is inappropriate to include in informed consent for human subject research.
We previously wrote about a proposed Rule that modifies the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to require an accounting of electronic disclosures of protected health information. The proposed Rule was open to comments until August 1 and has received much attention, with over 400 comments.
The Department of Health and Human Services has issued a proposed Rule modifying the Health Insurance Portability and Accountability (HIPAA) Act Privacy Rule to require an accounting of electronic disclosures of protected health information and extend its application to business associates.
The Health Information Technology for Economic and Clinical Health Act (HITECH) required the amendment of the Privacy Rule. Under the HITECH Act, health care providers must account for disclosures of protected health information through an electronic health record. The accounting for disclosures under traditional medical records has long been required.
Not only is HHS implementing the required HITECH accounting requirements, but it is also revising the accounting disclosure requirements. Specifically, the proposed Rule does not permit an individual to obtain a report of every access to their protected health information. Instead, they are entitled to an accounting of only those disclosures of their electronic health records. The Department believes that this will minimize the burden on health care providers.
Also consistent with the HITECH Act, HHS is broadening the accounting and disclosure requirements to business associates in its newly proposed Rule.
Health care providers and business associates should continue to monitor these new privacy-related developments.
I recently spoke to a local Mom’s Club about estate planning and included a segment on advance directives for health care. Advance directives have received increased attention following the legal battles over life sustaining treatment offered to Terry Schiavo, a Florida woman who was left in a persistent vegetative state after a cardiac arrest.
Advance directives are instructions left for friends, family, and health care providers regarding an individual’s preferences on life sustaining treatment. In the event the individual becomes incompetent or unable to make their own decisions, their family and health care providers can look to those advance directives to inform end-of-life treatment options.
The Department of Health and Human Services (HHS) recently announced another HIPAA penalty. This penalty differs from the recently imposed civil monetary penalty in that the health care provider, Massachusetts General Hospital, settled HHS’s claims that Mass General failed to have appropriate safeguards in place to protect protected health information (PHI). Mass General and HHS settled the claims for $1,000,000.
The Centers for Medicare & Medicaid Services (CMS) and the Department of Health and Human Services (HHS) has published a final rule revising the conditions of participation for hospitals to ensure equal visitation rights. This final rule requires that hospitals have written policies and procedures regarding visitation rights of patients. Those policies must address these rights regardless of whether visitors meet traditional notions of “family” visitors.