March 20, 2020

Healthcare Employers and the Families First Coronavirus Response Act

By Brit (Brittany) MerrillS. Jordan Walsh, and Bradley Cave

The Families First Coronavirus Response Act (FFCRA) was signed into law on March 18, 2020 and becomes effective on April 2, 2020. As part of the FFCRA Congress enacted the Emergency Family and Medical Leave Expansion Act (“Expansion Act”) and the Emergency Paid Sick Leave Act (“Sick Leave Act”). Sections I and II below summarize how the Expansion Act and the Sick Leave Act will apply to employers generally. Please contact your Holland & Hart attorney for specific questions relating to your workforce. Continue reading

March 20, 2020

Telehealth and COVID-19

By Kim Stanger

Federal Action. To promote the use of telehealth in response to Coronavirus, the federal government took several significant steps this week:

  • Medicare dramatically expanded the telehealth services for which it will pay.
  • HHS suspended HIPAA security rule requirements that may have otherwise limited the technology used for telehealth visits. As a result, providers are free to use non-public facing applications such as FaceTime, Skype, Facebook Messenger, Google Hangouts, etc., to conduct telehealth visits. They should not use public-facing applications such as Facebook Live, Twitch, TikTok, etc.
  • HHS suspended the HIPAA rule that would require the distribution of a Notice of Privacy Practices at the time of service.
  • The DEA now allows registered practitioners to issue prescriptions for all schedule II-V controlled substances to patients for whom they have not conducted an in-person medical evaluation, provided all of the following conditions are met: (i) the prescription is issued for a legitimate medical purpose by a practitioner acting in the usual course of his/her professional practice; (ii) the telemedicine communication is conducted using an audio-visual, real-time, two-way interactive communication system; and (iii) the practitioner is acting in accordance with applicable federal and state laws.

State Action. Importantly, the federal actions do not remove state law limits on telehealth. Many states impose licensure, technology, consent, or other procedural requirements. Unless waived by state agencies, these state laws must also be considered before launching telehealth services. Continue reading

March 17, 2020

HIPAA Tips: Information for Covered Entities and Employers

By Kristy M. Kimball and Lisa Carlson

What’s the Issue?

Covered entities, such as hospitals and other healthcare providers, may be asked by unrelated third-parties for information relating to a patient’s diagnosis or presumed diagnosis of COVID-19.

The information below outlines how the Health Insurance Portability & Accountability Act (“HIPAA”) applies to health information obtained or maintained by those subject to HIPAA (e.g., covered entities or business associates of covered entities), but does not cover state-specific privacy laws or employment-specific confidentiality laws. For example, the ADA, FMLA, and workers compensation laws all have confidentiality aspects that will impact employers. Continue reading

March 12, 2020

Fraud and Abuse in Private Payor Situations

By Kim Stanger

Healthcare attorneys and their clients are generally aware of and take appropriate steps to avoid the severe penalties that may follow fraud and abuse of government payor programs such as Medicare and Medicaid. They may be less attuned to their potential liability in private payor situations and, consequently, more cavalier when considering mistakes, misconduct, and potential repayments to private payors, including patients, residents, insurers, or other third parties. Red flag situations may include, e.g., waiving copays or deductibles; providing patient or resident discounts or other inducements to receive services, especially for out-of-network patients; kickbacks or similar arrangements to induce referrals; billing and coding errors; false claims; billing for medically unnecessary services; billing for services that were provided by unlicensed or uncredentialed providers or misrepresenting the provider of services; failing to comply with coordination of benefits or secondary payor rules; double payments; claims that lack sufficient documentation; or claims for substandard care. Whether due to business concerns or regulatory mandates, private payors seem to be increasingly active in monitoring and responding to potential provider fraud or abuse. This memo will summarize some of the statutory, contractual, and common law bases for private payor enforcement. Continue reading

March 11, 2020

Beware Laws Affecting Healthcare Transactions

By Kim Stanger

Republished with permission, this article originally appeared in the online edition of Idaho State Bar’s The Advocate on March 11, 2020.  

Attorneys risk substantial fines, malpractice claims, and even jail time for violating any of several laws implicated in even simple healthcare transactions.  Federal and state healthcare laws potentially affect any financial transaction involving healthcare providers, including employment or service contracts, group compensation structures, investment interests and joint ventures, leases for space or equipment, marketing programs, and patient billing practices.  Failure to comply may result in significant fines and penalties for clients as well as malpractice claims—or worse—against their lawyers.  This article describes several statutes and regulations that can be traps for the unwary in healthcare transactions. Continue reading

March 11, 2020

Update on Corporate Practice of Medicine Under Idaho Law

By Gabriel (Gabe) Hamilton

Republished with permission, this article originally appeared in the online edition of Idaho State Bar’s The Advocate on March 11, 2020.

In 2016, the Idaho Board of Medicine abandoned its position that Idaho law prohibits physicians from being employed by non-physicians. The Board’s new position removes obstacles to non-physician investments in medical practices and other transactions that previously were prohibited by the Board’s enforcement of an antiquated rule known as the corporate practice of medicine doctrine (“COPM”). Continue reading

March 5, 2020

Minors’ Ability to Consent to Medical Treatment Under Utah Law

By Kristy M. Kimball

Medical providers are sometimes faced with the difficult scenario of a minor (under 18 years of age) requesting medical or mental health treatment without a parent’s or legal guardian’s consent. This situation often arises in the context of sexually active minors who wish to obtain contraceptives available only through a medical provider (e.g., prescription birth control, IUD, etc.). When facing such scenarios, Utah providers need to be aware of relevant laws and carefully consider other implications. Continue reading

February 19, 2020

Use of PHI for Non-Patient Purposes

By Kim Stanger

In an era of decreasing reimbursement and rapidly expanding opportunities associated with “big data”, healthcare entities may be looking for ways to monetize protected health information (“PHI”)1 for their own, non-patient purposes. With limited exceptions, however, HIPAA restricts the use of PHI for non-treatment purposes without the patient’s consent. Failure to comply may subject HIPAA covered entities, business associates, and third parties to significant civil, administrative, and criminal penalties. (See, e.g., 42 U.S.C. § 1320d-6; 45 C.F.R. § 160.404).

Continue reading

February 7, 2020

Modified HIPAA Rules for Sending Records to Third Parties

By Kim Stanger

Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties.  Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”) to a third party at the patient’s request.  In addition, covered entities are no longer limited to charging a reasonable cost-based fee when sending records to a third party. 

The Third-Party Directive.  In 2009, the Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified HIPAA to simplify the process for producing ePHI:

In the case that a covered entity uses or maintains an electronic health record with respect to protected health information of an individual … the individual shall have a right to obtain from such covered entity a copy of such information in an electronic format and, if the individual chooses, to direct the covered entity to transmit such copy directly to an or person designated by the individual, provided that any such choice is clear, conspicuous, and specific.

(42 U.S.C. §17935(e)(1)). 

Continue reading

January 28, 2020

HIPAA, Psychotherapy Notes, and Other Mental Health Records

By Kim Stanger

The HIPAA privacy rules give special protection to “psychotherapy notes,” but providers often misunderstand what are and are not covered and how they differ from other mental health records.

I. “Psychotherapy Notes” Defined.

Contrary to popular belief, HIPAA does not provide special protection to mental health records in general, but it does give added protection to “psychotherapy notes”. As defined by HIPAA,

Psychotherapy notes means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record. Psychotherapy notes excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: Diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date.

Continue reading