Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
2019 Utah Legislative Update: What All Healthcare Providers Should Know
/in Legislation, Pharmaceutical, State Law Updatesby Kristy Kimball
In the last Utah legislative session, several bills were passed that affect the obligations of healthcare facilities and providers. Following is a summary of three important bills that went into effect on May 14, 2019, of which all health facilities and providers should be aware.
Mandatory Reporting of Drug Diversion to Law Enforcement
House Bill 251 requires mandatory reporting to law enforcement when one has knowledge of drug diversion. Specifically, Utah law now holds that an individual is guilty of a class B misdemeanor if they: (i) know that a Practitioner is diverting 500 or more morphine milligram equivalents to another person for an unlawful purpose; and (ii) fail to report to law enforcement. The bill defines “Practitioner” as an individual who is either (i) allowed to “administer, dispense, distribute, or prescribe a drug in the course of professional practice;” or (ii) who is employed by such an individual. The law broadly applies to those involved in providing medications to patients in any manner (e.g., nurses, physicians, nurse practitioners, physician assistants, and pharmacists) as well as those working for such individuals. Utah Code Ann. § 76-10-2204.
Read moreLiability of Business Associates for HIPAA Penalties
/in Data Privacy, Health Information, HIPAAThe HITECH Act extended certain HIPAA obligations to business associates, including those entities that create, receive, maintain or transmit protected health information (“PHI”) on behalf of covered entities. Business associates who fail to comply with their HIPAA obligations may be directly liable for HIPAA penalties ranging from $114 to $57,0511 per violation.
Read moreCMS Issues DRAFT Guidance for Hospital Co-location with Other Hospitals or Healthcare Facilities
/in MedicareBy Cory Talbot
Earlier this month, the Centers for Medicare & Medicaid Services (“CMS”) issued draft “Guidance for Hospital Co-location with Other Hospitals or Healthcare Facilities” (the “Draft Guidance”) intended to change earlier CMS guidance, which prohibited hospital co-location with other hospitals or healthcare facilities. The Draft Guidance plainly states that “[h]ospitals can be co-located with other hospitals or other healthcare entities”1 and is designed to clarify how CMS and surveyors “will evaluate a hospital’s space sharing or contracted staff arrangements with another hospital or health care entity when assessing the hospital’s compliance with”2 the Medicare Conditions of Participation (the “CoPs”) for shared space, contracted services, and emergency services.3 Read more
Despite Increased Awareness and Employee Training, Ransomware Is Still the Healthcare Industry’s No. 1 Threat
/in HIPAABy Claire Rosston
Ransomware accounted for more than 1 in 10 healthcare data breaches reported to the government during the last three years, according to analysis by Bloomberg Law. Cybercriminals capitalize on lack of employee training by sending emails with malicious attachments to gain access to healthcare providers’ and business partners’ networks. With this access, the ransomware typically encrypts all of the data within the organization’s network that cannot be recovered until the ransom is paid for the decryption key. Read more
HHS Reduces the Annual Cap for Most HIPAA Penalties
/in HIPAAby Kim Stanger
HIPAA penalties vary depending on the type of conduct involved. (45 CFR § 160.404). Under HHS’s prior interpretation, the types of violations were all subject to an annual maximum penalty of $1,500,000 for identical types of violations. (Id.).
Read more