As of July 1, 2020, all Florida health care providers, and providers in training, are now required to obtain written consent from their patients (or their legal representatives) before performing a pelvic exam. The only exceptions to this requirement are when the exam is done pursuant to a court order, or in cases of emergency. Given the broad application of the new law, it is imperative for any provider who may need to perform a pelvic exam on a patient, even if it’s a fairly rare occurrence, to be ready to obtain the consent.
The law grew out of concerns for improper actions taken against sedated patients. And as initially proposed, it only covered pelvic exams performed in training settings. However, the legislature expanded the scope to include all settings and all providers.
I recently wrote an article titled The Top Five Legal Concerns When Developing a Healthcare App, and I received some follow up questions, including technical queries about encryption and data sharing. To answer these questions, it is important to understand the current Healthcare App state of affairs. Various reporters, governmental agencies and privacy watchdogs have installed and monitored the flow of data from Healthcare Apps installed on smart phones. These journals, articles and enforcement actions taken together provide a roadmap for Do’s and Don’ts for the sharing of data.
Almost all Healthcare Apps are free and have some disclosures about how they share your data, and both iOS and Android require the user to give permission to the newly installed App, but who really pays attention to that? Almost no one. However, this doesn’t mean that an App developer shouldn’t embrace best practices to avoid liability and bad press.
When COVID-19 passes and the world begins to return to normal, you can be guaranteed that many of your old “friends” will come to visit you. To minimize future liability, pain and time, you should be preparing today for tomorrow’s visitors:
The Lawyers. Lawyers come in many flavors, and can bring good or bad news. Depending on your initial reaction to the pandemic, and your subsequent actions as the panic started to die down you may see three types of lawyers: (1) Those that represent past or present employees who have lost their job or contracted COVID-19; (2) Those that represent patients who claim malpractice based on the care that you did or did not deliver, and also those patients who assert that they contracted COVID-19 at your office; and finally (3) Those that represent creditors or debtors of your practice. The actions you should take today are many and varied and beyond the scope of this overview, however, you should be asking the following questions of yourself: (i) did you file a claim for business interruption despite the fact that your insurance broker said you were wasting your time? (ii) does your malpractice carrier cover you for liability outside of the normal scope of providing care? (iii) are your documenting your actions throughout the pandemic to demonstrate that you were acting reasonably at a time when you did not have all the facts? (iv) did you look at your business insurance policies for coverage for employee claims, or workers comp claims, or OSHA claims? (v) did you research what other similarly situated companies are doing, as you will most likely be held to the same standards? (vi) did you follow guidance from State and Federal entities? and (vii) did you provide notice during the pandemic to debtors or other parties who have breached their obligations?
June 1, 2020 – Florida Healthcare Law Firms adds experienced attorney Steven Boyne to the team to assist with human resource law, corporate and transactional law, as well as telemedicine, healthcare tech and cyber breaches.
Florida Healthcare Law Firm has announced that they have added Steven Boyne to the team. Steven brings over twenty plus years experience working with different types of healthcare entities from Air Ambulances to large healthcare insurance companies, and everything in between. Steven specializes in areas including specific healthcare business human resource issues, telemedicine and HIPAA, strategic disaster planning for healthcare providers, business interruption insurance, health insurance and air ambulances.
“Positioning your healthcare business to be proactive is one of the most important things you can do. Who would have imagined we’d see a global pandemic in our lifetime? Being prepared for ‘interruptions’ help keep your business afloat when disaster strikes, especially when it comes to finances. Steven’s experience in large health insurance companies brings a wealth of knowledge and expertise that will help individual practitioners be just as prepared as the big guys. And, as technology grows in the healthcare industry, Steven is on board to help with his tech expertise,” Florida Healthcare Law Firm COO Autumn Piccolo says. Founder and President, Jeff Cohen, goes on to say that, “We advise many clients on telemedicine and telehealth laws. Steven’s passion for tech is a great addition for current and future clients. His unique firsthand knowledge on cyberbreaches, tech software and security systems is hyper-specific, which will benefit healthcare business owners.
The COVID-19 virus has and will probably continue to change the way healthcare providers and business associates interact and help their patients. As many providers are aware, a HIPAA violation is a serious issue, and can cost a healthcare entity large amounts of time and money to respond to any regulatory investigation. Recognizing that the COVID-19 pandemic has strained every corner of the economy and is THE MOST IMPORTANT issue for almost every industry, the federal government has rolled back some HIPAA protections. It is unclear how long these rollbacks will last, and it is possible that some of them may be permanent, but for now healthcare providers and their business associates can take some comfort that they can focus on delivering care and not dealing with overly burdensome regulations and investigations. The major changes include:
Telehealth. Changes include allowing physicians and other healthcare providers to offer telehealth services across State lines, so State licensing issues should not be a concern. Additionally, Providers are essentially free to choose almost any app to interact with their patients, even if it does not fully comply with the HIPAA rules. The HHS allows the provider to use their business judgment, but of course, such communications should NOT be public facing – which means DO NOT allow the public to watch or participate in the visit!
Disclosures of Protected Health Information (PHI). A good faith disclosure of such information will not be prosecuted. Examples include allowing a provider or business associate to share PHI for such purposes as controlling the spread of COVID-19, providing COVID-19 care, and even notifying the media, even if the patient has not, or will not grant his or her permission.
Business Associate Agreement (BAA). As most healthcare providers know, a BAA agreement between a provider and an entity that may have access to PHI is required by law. During the COVID-19 pandemic, the lack of a BAA is not an automatic violation.
Join Florida Healthcare Law Firm Attorney Chase Howard on our free webinar titled “How can you transform your business to be prepared for future situations like COVID-19?”
Faced with the reality of remote operation, we’ll talk about how your business prepare to thrive in a similar scenario in the future.
What to do with remote staff when it comes to contracts, operations and patient privacy.
How do Federal regulations impact telework.
Could expanded telehealth laws ease the transition to remote care in a future crisis.
Presenter:Chase Howard, Esq. is an Attorney at the Florida Healthcare Law Firm and has focused his legal practice on health law, medical malpractice defense, business law, and contracts. He deploys crucial skills gained through hands-on business experience in the medical tech world to service clientele such as medical spas, medical practices, medical technology businesses, healthcare business entities, physicians, chiropractors, and dentists. Chase’s experience working in University of Miami Health System’s Risk Management Department provided him with a strong understanding of legal compliance in the healthcare world as well as experience in liability assessment, prevention and defense. With his multi-specialty background, Chase’s practice focuses on all aspects of transactional Health Law, MedSpa Start-up and consulting, general business law, and MedTech.
On October 23, 2019, the U.S. Department of Health and Human Services has imposed a civil money penalty of over $2 million against Jackson Health System in Florida for repeated HIPAA violations.
The HIPAA violations mentioned in the HHS Press Release include: 1-Loss of paper patient records in December 2012; 2-Loss of additional paper patient records in January 2013; 3-A media report containing patient information (a photo shared on social media); 4-Employees accessing the information of one patient without a job related purpose; 5- An employee’s improper access and sale of patient records in 2011.
“OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years,” said OCR Director Roger Severino. The state of the compliance program allowed for the failure of several HIPAA requirements, including provision of timely and accurate HIPAA breach notifications, performance of regular risk assessments, investigation of identified risks, audits of system activity records, and imposing appropriate restrictions on workforce members’ access to patient information. The government’s final determination is available here.
When a HIPAA breach is discovered and reported, the government will often take the time to review a covered entity’s history of compliance or non-compliance. This may include an investigation into prior issues, effectiveness of policies and procedures, and employee issues. Overlooking one suspected breach may result in the imposition of sanctions on any later breach. This is why it’s so important for a healthcare business to understand its HIPAA obligations and take them seriously.
When was the last time your business conducted a security risk assessment to understand its potential risk areas for security breaches? If you’ve never had one, or haven’t had one recently, the time is now to conduct one. “When was your last security risk assessment?” is often the first thing that the government will ask in response to a breach.
Federal fines for noncompliance with HIPAA are based on the level of negligence perceived by the Federal government at the time of the breach. Fines and penalties range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million. Simply put, your healthcare business can’t afford to bury its head and hope that it won’t be hit.
You might have recently received a holiday gift of a direct-to-consumer genetic testing kit from Ancestry.com or 23andMe.com (or any other number of companies). So exciting! In our melting pot society, one can’t help but be curious about where they come from and if they are more likely than any other person to be subject to any number of ailments.
Not so fast though! Before you swab yourself and send away your genes for testing, you might consider what you’re exposing yourself to. Direct-to-consumer genetic testing companies, which provide genetic testing directly to consumers without any intervening healthcare provider, are not bound by HIPAA. They are not considered “covered entities”, and therefore not required to use the same protections for genetic information the way a hospital or your doctor would.
There are perfectly compliant ways to engage with healthcare marketers, and then there’s this; here are some of the latest real-life examples:
“DME BRACE CAMPAIGN – $40 to $150 PER LEAD PER BRACE”
“DME DIABETIC LEADS $40 PER LEAD, INSURANCE AND DOC INFO INCLUDED”
“PAIN CREAM/LIDOCANE LEADS FOR SALE, RX INCLUDED”
These marketers are seemingly holding auctions for the sale of federally protected patient health information out to the highest bidder! Couldn’t make this stuff up – if you’re in this industry, a quick gander at your (business) social media platforms will quickly confirm it.
Health law is the federal, state, and local law, rules, regulations and other jurisprudence among providers, payers and vendors to the healthcare industry and its patient and delivery of health care services; all with an emphasis on operations, regulatory and transactional legal issues.