In the two years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, state legislatures and courts have attempted to define the new post-Roe landscape in health care. That effort includes actions by states to enact health data privacy laws or to amend existing privacy laws to protect consumer health data

Recent efforts by the federal government to develop a strategy for guiding (and regulating) the use of artificial intelligence (AI) have targeted multiple industry sectors, with healthcare at the forefront. For example, under the President’s recent executive order, in 2024 the Department of Health and Human Services is required to educate itself, publish guidance, and

On April 27, 2023, Washington Governor Jay Inslee signed into law House Bill 1155, otherwise known as the My Health My Data Act.  Certain “geofencing” portions of the law became effective July 23, 2023.  Other provisions will become effective for “small businesses” on June 30, 2024, and for all other regulated entities on March 31, 2024. Below is a brief summary of the law’s following core components: (1) covered individuals and entities, (2) covered data, and (3) data collection and sharing requirements.Continue Reading Implementation Underway for Washington’s New Wide-Reaching Consumer Health Data Law

HIPAA enforcement actions in the past year have continued to focus on the patient right to access initiative and large scale data breaches. While most of the recent enforcement actions focused on the patient right to access initiative, two noteworthy settlements stemmed from covered entities disclosing protected health information in response to negative online reviews.

Over the past year, the types, sizes, and locations of the investigated entities varied, and resulted in settlements ranging from $3,500 – $240,000. Department of Health and Human Services Office for Civil Rights (“OCR”) seemed to consistently impose comparatively higher settlements amounts for violations that resulted in large scale data breaches.Continue Reading Patient access and big-ticket data breaches lead OCR enforcement initiatives

Health care and health care-adjacent organizations are seeing a steep increase in risk arising from the frequently utilized third-party analytics and advertising services on their websites, mobile applications, patient portals, and other Internet-connected services. Those organizations should pay attention to new regulatory guidance, published settlements with regulators, and an onslaught of class action filings stemming

Following closely after the clarifying independent dispute resolution process Final Rule, the four executive branch entities tasked with implementing the provisions of the No Surprises Act, the Office of Personnel Management, the Centers for Medicare & Medicaid Services (CMS), Employee Benefits Security Administration and the Internal Revenue Service have issued a request for information to help the agencies craft the next stage of regulations for the surprise billing law.

The request is the latest effort by agencies to seek stakeholder input on the contours of the regulations implementing the No Surprises Act, this time with a focus on the requirements in the law for providers to issue a good faith estimate (GFE) to plans for services that their covered patients will submit for reimbursement and for insurers to issue an advanced explanation of benefits (AEOB) to their plan participants based on estimated charges relayed to them by providers.

Specifically, the entities are looking for information and recommendations on the process of transferring data from providers and facilities to plans, issuers and carriers to facilitate the GFE and AEOB processes, as well as the economic impacts of implementing these requirements. The notice was added to the Federal Register on Friday, Sept. 16 and comments are due to the agencies by November 15.Continue Reading Agencies Look for Input on No Surprises Act Good Faith Estimate Rules

Over the last decade, members of the medical and public health communities around the world have widely studied and acknowledged the impact of social determinants of health (SDOH)—the conditions in the environments where people live, learn, work, play, and age—on a wide range of health, functioning, and quality-of-life-risks and outcomes.[1]  In the past year

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is the latest federal agency to jump on the HHS rulemaking bandwagon issuing a Notice of Proposed Rulemaking (NPRM) on December 10, 2020, that proposes pivotal changes

Even amidst the chaos of a global pandemic, this year multiple U.S. Department of Health and Human Services (HHS) agencies have dialed in on promoting and enforcing patients’ rights to access their health information.

In just the past month, HHS’ Office for Civil Rights (OCR), the agency that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), settled five costly investigations with HIPAA-regulated parties for potential violations of the HIPAA right of access provision.  Under HIPAA, individuals have a legal, enforceable right to view and obtain copies, upon request, of the information in their medical and other health records maintained by a HIPAA covered entity, typically a health care provider or health plan, with limited exception.  Individuals generally have a right to access this information for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created, whether the information is maintained in paper or electronic systems onsite, remotely, or is archived, or where the information originated (e.g., whether the covered entity, another provider, or the patient).
Continue Reading Patient access to health information at the forefront of government initiatives and scrutiny

Reed Smith is hosting its 6th Annual Washington Health Care Conference on December 4, 2019 at The Almas Center in Washington, D.C., and is pleased to welcome another impressive line-up of speakers this year.

Our keynote speaker is Dr. John Whyte, Chief Medical Officer of WebMD, who will be discussing “Artificial Intelligence in Health Care: Disrupt but Don’t Be Disruptive.”

The conference also includes a particularly timely panel on the proposed rules to modernize Stark Law and the Anti-Kickback Statute. Our presenters include: Lisa Wilson, Senior Technical Advisor to the Centers for Medicare and Medicaid Services; David Gregory, Principal, Healthcare Practice, Baker Tilly Virchow Krause; Nancy Bonifant Halstead, Partner, Reed Smith; and moderator Nicole Aiken-Shaban, Senior Associate, Reed Smith.

We’re also pleased to be offering a session with representatives from major associations on how the industry is preparing for the next major shift in the health delivery continuum. Our presenters include: Terry Chang, MD, JD, Vice President, Assistant General Counsel, and Director, Legal & Medical Affairs, AdvaMed; Clif Porter, Senior Vice President, Government Relations, AHCA; Julie Wagner, Senior Assistant General Counsel, PhRMA; Katie Mahoney, Vice President, Health Policy at the U.S. Chamber of Commerce; and moderator Elizabeth Carder-Thompson, Senior Counsel, Reed Smith.

Additional conference sessions include:
Continue Reading Speakers from WebMD, CMS, PhRMA, AdvaMed, AHCA, and More to Present at Reed Smith’s Dec. 4 Washington Health Care Conference

Senate Finance Committee Chairman Ron Wyden and Ranking Member Chuck Grassley are asking providers, patients, insurers, entrepreneurs, and other stakeholders for ideas on ways to improve the availability and utility of health care data, while protecting patient privacy. In particular, the Senators are requesting information on: the data sources that should be made more

This post was also written by Elizabeth D. O’Brien.

On January 25, 2013, the HHS Office for Civil Rights published its long-awaited final rule implementing major changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules mandated by the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH Act). Among other