With COVID-19 rapidly spreading, telehealth services have been seeing an explosion of demand. On March 17, 2020, President Trump announced during a White House press briefing an unprecedented expansion of telehealth services for the 62 million Medicare beneficiaries who are amongst the most vulnerable to the disease. The Department of Health and Human Services (“HHS”) and Centers for Medicare and Medicaid Services (“CMS”) have since vowed to work with the administration by temporarily relaxing certain HIPAA, altering licensure, cost-sharing, and auditing requirements. As the number of patients increases, compliance and privacy risks associated with telehealth also surge.
Last year, the Department of Health and Human Services (“HHS”) proposed new rules to improve the interoperability of electronic health information (“EHI”) to fulfill its statutory requirement under the 21st Century Cures Act. These proposed rules were issued by the Center for Medicare and Medicaid Services (“CMS”) and the Office of the National Coordinator for Health Information Technology (“ONC”) to address both technical and healthcare industry factors that create barriers to the interoperability of health information and limit a patient’s ability to access EHI. Epic, one of the largest programs for maintaining electronic health records (“EHR”), is attempting to halt the finalization of the interoperability rules before they take effect as they believe it posts privacy concerns. On March 9, 2020, HHS announced the joint final rules from CMS and ONC to spur innovation and to end information blocking.
Ryan Whitney Managing Editor Loyola University Chicago School of Law, JD 2017 HIPAA breaches occur on a daily basis. Although undesirable, many of these breaches are not serious enough to require patient notification. But others are more egregious and can cause harm to both the patient and the providing entity. This article outlines a …
Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017 The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently agreed to a settlement with Advocate Health Care Network (Advocate), the largest health systems in the Chicago area. In the settlement, Advocate agreed to pay a sum of …
Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M in Health Law 2017 In 2013, Oregon Health & Science University (“OHSU”), Oregon’s only academic health center, reported numerous breaches of unsecured electronic protected health information (“ePHI”), including two breaches within the span of five months. This led to the Office of Civil …