In the Spring 2015 edition of The Wharton Healthcare Quarterly, Duane Morris partner Lisa Clark’s article, “Affidavit: Healthcare and the Law – Healthcare Reform Update: What’s in a Name?,” discussed the innovations under the Affordable Care Act (ACA). One of the innovations was the Accountable Care Organization (ACO), where a new healthcare reimbursement system was introduced as an alternative to the tradition fee-for-service model. Over the years, the Accountable Care Organizations and other value-based models will be tested and hopefully, there will be buzz around this new model in the next year.
In early January, 2014, the Office of Inspector General (“OIG”) for the Department of Health and Human Services (“HHS”) issued a report criticizing HHS’s Centers for Medicare and Medicaid Services (“CMS”) for failing to adopt stronger integrity practices governing electronic health records (“EHRs”). “CMS And Its Contractors Have Adopted Few Program Integrity Practices To Address Vulnerabilities In EHRs,” oig.hhs.gov/oei/reports/oei-01-11-00571.pdf. Here are some of the OIG’s challenges and concerns: “…clues within the progress notes, handwriting styles, and other attributes that help corroborate the authenticity of paper medical records are largely absent in EHRs. Further, tracing authorship and documentation in an EHR may not be as straightforward as tracing in a paper record. Health care providers can use EHR software features that may mask true authorship of the medical record and distort information in the record to inflate health care claims.” Continue reading OIG Criticizes CMS For Lack Of Adequate Fraud Detection Practices in Electronic Health Records
One of the reasons why consumers, healthcare providers, investors, the government and others have been slow to adopt mobile health applications and software (apps), are concerns about the privacy and security of data collected through the apps. For instance, Appthority, a service provider that offers an app risk management solution, recently reported that the iPharmacy Drug Guide and Pill ID app “is playing fast and loose with your personal info.” www.appthority.com/news/mobile-threat-monday-android-app-leaks-your-medical-info-online. iPharmacy is a free app that allows consumers to maintain a personal health record on their prescription drugs, look up information on a drug, provide reminders, and maintain pharmacy discount cards. Continue reading mHealth App Use: Is Data Truly Protected?
Mobile health application developers, manufacturers, investors, healthcare providers and others received welcome news late last month when the U.S. Food and Drug Administration published its long-awaited final guidance on mobile medical applications under the Federal Food, Drug, and Cosmetic Act. It is vital for any app developer to understand whether the guidance applies to their product from the initial design stage. Those who are already marketing software and apps that involve healthcare should also review the guidance with care to try to determine how FDA’s new regime impacts both business plans and continuing operations.
Covered Entities Cautioned Regarding Use of Business Associates
On July 8, 2013, health insurer WellPoint, Inc. entered into a Resolution Agreement with the U.S. Department of Health and Human Services, Office for Civil Rights (HHS), agreeing to pay HHS $1.7 million to resolve an HHS complaint regarding violations of the HIPAA Privacy and Security Rules during the period of October 23, 2009, through March 7, 2010. WellPoint reported a breach of electronic protected health information (ePHI) on June 18, 2010, leading to an HHS investigation that commenced on September 9, 2010.
The WellPoint matter serves as a reminder to HIPAA-covered entities and subcontractors that are business associates to comply with the HIPAA Security Rule and to prudently oversee the services provided by these business associates.
Click here to read the full Alert.
Duane Morris, in conjunction with the Wharton Health Care Management Alumni Association and Locust Walk Partners, presented a networking reception and panel discussion of the key legal and business issues for mHealth app developers and entrepreneurs on Wednesday, June 26, 2013, at the University of Pennsylvania’s Bodek Lounge. Panelists discussed topics including healthcare industry trends and mHealth growth; investment and business trends; legal and regulatory issues; and healthcare IT and reimbursement issues.
Click here to see pictures of the event.
Mobile health (“mHealth”) medical app developers, including health information technology (“HIT”) and telemedicine app developers, tend to focus on FDA requirements. Indeed since many of these apps may be categorized as medical devices, and the FDA approval process is lengthy, developers are wise to focus on whether an app is regulated by the FDA. But a successful developer should also build privacy protections (e.g., privacy policies) and security protections (e.g., disaster recovery) into its product from the earliest stages. The Federal Trade Commission (“FTC”) calls this “Privacy By Design.” “Security By Design” is the corollary. Continue reading Attention mHealth, HIT and Telemedicine App Developers: Privacy and Security By Design Is Critical
The meaningful use (MU) regulations provide incentive monies for hospitals and physicians that establish electronic health records systems (EHRs) and satisfy other criteria, such as providing new forms of ‘patient engagement’ like technologically-enabled patient-provider communications. The advantages of a wireless record-sharing are enormous – quicker diagnoses, better quality tracking, and seamless payment systems. But there are lots of steps and decisions required in setting up EHRs and developing broader data exchange systems like health information organizations/exchanges (HIOs or HIEs). Last week, the Department of Health and Human Services’ Office of the National Coordinator denied certification for two small EHRs and promised ongoing rigorous enforcement of EHRs. Continue reading Electronic Health Records and Health Information Exchanges/Organizations: The Changing Landscape
On January 17, 2013 the federal Department of Health & Human Services (“HHS”) announced a final omnibus rule that details amendments to the privacy, security, data breach and enforcement rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The 2013 HIPAA Amendments (which, with commentary from HHS, weighs in at 563 pages) are closely based on statutory changes under the HITECH Act of 2009, and were previewed in proposed and interim rules issued by HHS several years ago. Continue reading HHS (Finally) Announces The HIPAA/HITECH Amendments
Mobile health (“mHealth”, “telehealth” or any other terms for health care delivered wirelessly) is revolutionizing the health care industry. That message resounded at last week’s mHealth Summit, which gathered roughly 4,000 investors and angel-funders, telecom and software companies, and entrepreneurs and developers to share ideas and display new mHealth products. Hot mHealth areas include data analytics, texting and medical records. Home health and medical homes also stand to benefit with the introduction of products designed to submit protected health information (“PHI”) and other data between patient and provider. Continue reading mHealth/Telehealth Investors and Entrepreneurs: The Generational Divide