Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
Update on Corporate Practice of Medicine Under Idaho Law
/in Idaho Healthcare LawBy Gabriel (Gabe) Hamilton
Republished with permission, this article originally appeared in the online edition of Idaho State Bar’s The Advocate on March 11, 2020.
In 2016, the Idaho Board of Medicine abandoned its position that Idaho law prohibits physicians from being employed by non-physicians. The Board’s new position removes obstacles to non-physician investments in medical practices and other transactions that previously were prohibited by the Board’s enforcement of an antiquated rule known as the corporate practice of medicine doctrine (“COPM”). Read more
Minors’ Ability to Consent to Medical Treatment Under Utah Law
/in Consent, Healthcare LawBy Kristy M. Kimball
Medical providers are sometimes faced with the difficult scenario of a minor (under 18 years of age) requesting medical or mental health treatment without a parent’s or legal guardian’s consent. This situation often arises in the context of sexually active minors who wish to obtain contraceptives available only through a medical provider (e.g., prescription birth control, IUD, etc.). When facing such scenarios, Utah providers need to be aware of relevant laws and carefully consider other implications. Read more
Use of PHI for Non-Patient Purposes
/in Data Privacy, HIPAABy Kim Stanger
In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”)1 for their own, non-patient purposes. With limited exceptions, however, HIPAA restricts the use of PHI for non-treatment purposes without the patient’s consent. Failure to comply may subject HIPAA covered entities, business associates, and third parties to significant civil, administrative, and criminal penalties. (See, e.g., 42 U.S.C. § 1320d-6; 45 C.F.R. § 160.404).
Read more
Modified HIPAA Rules for Sending Records to Third Parties
/in Data Privacy, HIPAABy Kim Stanger
Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”) to a third party at the patient’s request. In addition, covered entities are no longer limited to charging a reasonable cost-based fee when sending records to a third party.
The Third-Party Directive. In 2009, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified HIPAA to simplify the process for producing ePHI:
In the case that a covered entity uses or maintains an electronic health record with respect to protected health information of an individual … the individual shall have a right to obtain from such covered entity a copy of such information in an electronic format and, if the individual chooses, to direct the covered entity to transmit such copy directly to an or person designated by the individual, provided that any such choice is clear, conspicuous, and specific.
(42 U.S.C. §17935(e)(1)).
Read more
HIPAA, Psychotherapy Notes, and Other Mental Health Records
/in Data Privacy, HIPAABy Kim Stanger
The HIPAA privacy rules give special protection to “psychotherapy notes,” but providers often misunderstand what are and are not covered and how they differ from other mental health records.
I. “Psychotherapy Notes” Defined.
Contrary to popular belief, HIPAA does not provide special protection to mental health records in general, but it does give added protection to “psychotherapy notes”. As defined by HIPAA,
Psychotherapy notes means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record. Psychotherapy notes excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: Diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date.