Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Privacy Policy
View our privacy policy.
Mandatory Flu Vaccines Land Healthcare Facility In Court
/in Employee BenefitsBy Bradley Cave
After rescinding a job offer to an applicant, a Michigan healthcare provider finds itself in federal court defending a religious accommodation claim. If your organization requires employees to get flu vaccines, your policy should address how to handle religious objections. Here are details from the complaint that resulted in this recent discrimination lawsuit and steps you should take when facing similar circumstances.
Prospective Employee Suggests Reasonable Accommodation to Flu Shot
According to the complaint filed by the Equal Employment Opportunity Commission (EEOC), Yvonne Bair applied for a medical transcriptionist position in early 2016 with Memorial Healthcare, a non-profit corporation located in Owosso, Michigan. The transcription position would involve working from home, but also required two months of training at Memorial Healthcare’s hospital in Owosso at the start of employment. Read more
Producing Patient Records: The “Designated Record Set,” the “Legal Health Record,” and Records Created by Other Providers
/in HIPAAHealthcare providers often misunderstand their obligation to provide patient records in response to a request from a patient or third party.
1. Patient Requests and the “Designated Record Set.” With very limited exceptions,[1] patients and their personal representatives generally have a right to access and/or require the disclosure of protected health information in the patient’s designated record set. (45 CFR § 164.524(a)). HIPAA defines “designated record set” as:
A group of records maintained by or for a covered entity that is:
(i) The medical records and billing records about individuals maintained by or for a covered health care provider; [or]
(iii) Used, in whole or in part, by or for the covered entity to make decisions about individuals.
(45 CFR § 164.501). As the OCR recently summarized:
The Privacy Rule generally requires HIPAA covered entities (health plans and most health care providers) to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity. This includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).
Read more
IMGMA Q/A: Producing Records
/in GovernanceBy Kim Stanger
Ed. note: This article also appears in an issue of the Idaho MGMA monthly newsletter.
Question: What is the difference between a “designated record set” and “legal health record,” and what must we provide when we receive a request for “records”?
Answer: HIPAA defines “designated record set” as:
A group of records maintained by or for a covered entity that is:
(i) The medical records and billing records about individuals maintained by or for a covered health care provider; [or]
(iii) Used, in whole or in part, by or for the covered entity to make decisions about individuals.
(45 CFR 164.501). With very limited exceptions, patients and their personal representatives generally have a right to access protected health information in their designated record set. (45 CFR 164.524). As the OCR recently summarized: Read more
Reporting HIPAA Breaches: Annual Deadline Approaches
/in HIPAABy Kim Stanger
The HIPAA breach notification rule requires covered entities to report breaches of unsecured protected health information (“PHI”) to affected individuals, HHS and, in some cases, local media. (45 CFR § 164.400 et seq.). The notice must be sent to individuals as soon as reasonably possible but no later than 60 days after it was discovered. (45 CFR § 164.404). The timing of notice to HHS depends on the number of persons affected by the breach: if the breach involves 500 or more persons, the covered entity must notify HHS at the same time it notifies the individual; if the breach involves less than 500 persons, the covered entity must report the breach to HHS until no later than 60 days after the end of the calendar year, i.e., by March 1. (45 CFR § 164.408(b)-(c)).
Is Your HIPAA Breach Reportable? Under the breach notification rule, covered entities are only required to self-report if there is a “breach” of “unsecured” PHI. (45 CFR § 164.400 et seq.). Read more
Non-Physicians Owning or Investing in Medical Practices in Idaho
/in Physician PracticesBy Kim Stanger
The Idaho Board of Medicine’s recent disavowal of the corporate practice of medicine doctrine has made it easier for corporations and non-physician individuals to invest in or own medical practices in Idaho.
The Corporate Practice of Medicine. For decades, the Idaho Board of Medicine took the position that, with limited exceptions, the Idaho Medical Practice Act “prohibits unlicensed corporations and entities from hiring physicians as employees to provide medical services to patients.” (Memo from J. Uranga to Idaho State Bd. of Medicine dated 2/26/07). This “corporate practice of medicine” doctrine (“CPOM”) had its foundation in a 1952 Idaho Supreme Court case which held that:
[n]o unlicensed person or entity may engage in the practice of the medical profession though licensed employees; nor may a licensed physician practice as an employee of an unlicensed person or entity. Such practices are contrary to public policy.
(Worlton v. Davis, 73 Idaho 217, 221 (1952)). The Board of Medicine warned that violations of the doctrine may result in disciplinary action against physicians and, more recently, physician assistants. Entities that improperly employed physicians or physician assistants risked the possibility of criminal action for the unauthorized practice of medicine. Read more