HIPAA, Business Associates, and the Conduit Exception
In HIPAA | By Kim Stanger
The HIPAA privacy and security rules impose significant requirements on covered entities and their business associates; violations may result in penalties ranging from $119 to $59,522 per violation. (45 CFR § 160.404; 45 CFR § 102.3; 85 FR 2879). “Business associates” are generally those entities that create, receive, maintain or transmit protected health information (“PHI”) on behalf of a covered entity (45 CFR § 160.103, definition of business associate); thus, most entities that handle data for healthcare providers or their business associates, including data storage, data transmission, and cloud services providers, will become business associates subject to HIPAA requirements unless an exception applies.
Directed Referrals: New Stark Rules
In Stark | By Kim Stanger
Under the federal Stark law, hospitals and other healthcare employers may require that employed or contracted physicians refer items or services to the hospital or another designated provider subject to certain limits. (42 CFR § 411.354(d)(4); see https://www.hollandhart.com/requiring-referrals-from-employees-and-contractors). Effective January 19, 2021, CMS modified the rules for such directed referral requirements in physician agreements. If they have not done so, hospitals and other providers will need to update their physician agreements if they want to require employed or contracted physicians to refer designated health services to the employer.
HIPAA, Patient Access, and Designated Record Sets
In HIPAA | By Kim Stanger
With limited exceptions, HIPAA generally gives individuals the right to access or obtain copies of their protected health information (“PHI”) from covered entities. (45 CFR § 164.524(a)). But the right of access does not apply to all PHI that a covered entity might have; instead, individuals only have a right to access information in their “designated record set”. This article summarizes relevant standards for determining which records patients have a right to access.
HHS Proposes Modifications to the HIPAA Privacy Rule
In HIPAA
On December 10, the U.S. Department of Health and Human Services (HHS) announced proposed changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the healthcare industry. The Holland & Hart Healthcare Group shares this important update from HHS for your information:
Read the HHS Update.
We will continue to monitor this news and will provide more in-depth insights on the impacts of the proposed modifications.
New Stark and Anti-Kickback Statute Comparisons
In Anti-Kickback, Stark | By Kim Stanger, J. Malcolm DeVoy, and Amber Ellis
On November 20, 2020, CMS and the OIG published their much-anticipated amendments to the federal Stark and Anti-Kickback laws. As summarized in our recent client alert, the changes open the door to value-based contracting with potential referral sources. They also modify existing regulations and create new safe harbors applicable to provider relationships.