Despite all preventive measures that hospitals and health care systems put in place to stop data breaches from occurring, employees at these entities still have unsecured and unencrypted laptops, which are susceptible to cybersecurity attacks. A report from a cybersecurity protection organization stated that a majority of high-risk scenarios that occur in health care entities were due to unsecured laptops. These unsecured laptops can lead to massive data breaches and can result in hefty fines imposed by the Office of Civil Rights. Proper encryption, tracking software, and rarely leaving laptops unattended are a few ways that employees and organizations can help safeguard protected health information and prevent data breaches.
On March 1, 2019, the College of Healthcare Information Management Executives (“CHIME”) sent a six-page letter to Congress which discussed how technology has impacted health care costs. CHIME believes that too much money is being allocated towards making sure that health care organizations are complying with the Office of Civil Rights (“OCR”) and the Department of Health and Human Services (“HHS”) requirements, while not enough resources are being given towards actually protecting against cybersecurity attacks. The letter contains multiple suggestions for how patient data could be better protected, such as incentivizing health care organizations to implement more cybersecurity safety measures. However, many of CHIME’s proposals would require Congress to amend multiple provisions in acts, such as the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”).
The current Deputy Secretary of the Department of Health and Human Services and former Loyola University Chicago School of Law professor Eric D. Hargan was sworn into his position as the Deputy Secretary on October 6, 2017. Since then, he has been working to help providers better understand the intricacies of the Stark law by gathering provider concerns about present governing efforts. All of this work is being done in an effort to shift the healthcare system away from fee-for-service care and towards value-based care in what Hargan is calling the “Regulatory Sprint to Coordinated Care.” Hargan stated that “removing unnecessary government obstacles to care coordination is a key priority for this Administration.”
Immediately upon introduction, mobile medical applications became favored by physicians and patients alike because the applications are user friendly and allow patients to understand their care and participate in more meaningful discussions with their providers about their health. Due to the rapid development of technology and, as a result, a surge of mobile medical applications flooding the market, the Food and Drug Administration has issued three guidances on how it plans to regulate mobile medical applications. In order for mobile medical application manufacturers to remain compliant with the FDA guidances, they must meet the seven categories of requirements that are laid out in Appendix E of FDA’s 2015 guidance and also comply with any further guidance that is released.
Ted Banks is a partner at the firm Scharf Banks Marmor and is also an adjunct professor at Loyola University Chicago School of Law, where he teaches a course on corporate compliance. At Scharf Banks Marmor, Mr. Banks concentrates his practice on compliance, antitrust, food law, and other corporate issues. He entered compliance by accident many years ago, and has been an innovator in the field ever since. Mr. Banks has been recognized as an Illinois “Super Lawyer” in the areas of corporate governance and compliance, and he has also been named a Risk & Compliance Trailblazer and Pioneer by the National Law Journal. Here, he shares his story, tells us the real deal about compliance, and gives advice to students who wish to make compliance their career.
An increasing number of companies are providing fitness trackers for their employees as a part of their benefits package. The use of fitness trackers has been steadily growing over the past few years, and is predicted to hit a shipment size of 240.1 million devices by 2021. Even though the popularity of these fitness trackers has boomed, their compliance with HIPAA has not kept pace. A few companies that make fitness trackers have become HIPAA compliant, such as Fitbit and Apple. However, some companies have remained silent as to whether they are or plan on becoming compliant. While fitness trackers have been shown to have an overall positive effect in corporate wellness programs, corporations should remain up to date with how to keep their employees’ health information secure as well as ensure that the fitness tracker that they are providing is HIPAA compliant.