Health Law Blog - Healthcare Legal Issues

Archive for the ‘Uncategorized’ Category

We Received a PPP Loan – Now What?

Tuesday, May 5th, 2020

We Received a PPP Loan—Now What?

I wanted to direct everyone over to my law firm’s main website for excellent COVID-19 legal development coverage. Ruder Ware COVID-19 Coverage.

With a second round of Paycheck Protection Program (“PPP”) funding coming available last week, a large percentage of small businesses either have already received (or will soon receive) the proceeds of a PPP loan. At only one percent interest over two years, PPP loans present a great opportunity, but, obviously, businesses are most interested in the forgiveness component. Maximizing loan forgiveness is key.

Three of my law partners, Mary Ellen Schill, Amy E. Ebeling and Associate Benjamin E. Streckert have published a great article on what to do one you receive your Paycheck Protection Program check. Check out this article and our other great coverage of COVID-19 legal issues – Ruder Ware COVID-19 Coverage

Complying with HIPAA and Beyond during COVID-19

Wednesday, April 22nd, 2020

Safeguarding Patient Health Information in an Emergency Situation

Even in an emergency situation such as that presented by the COVID-19 pandemic, covered entities must continue to meet their obligations under federal and state laws protecting confidentiality of patient health care information, to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures. They must continue to comply with the administrative, physical, and technical safeguards of the security rule and privacy rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Covered Entities must continue to comply with HIPAA and other confidentiality laws during the COVID-19 pandemic. Certain emergency provisions may apply in applicable state and federal regulations.

The obligation to conduct periodic HIPAA security assessments continues, even during the existence of an emergency or natural disaster. The obligation to meet the requirements of state laws protecting special status health information such as mental health records and drug and alcohol rehabilitation records, also continues through a pandemic.

Each of the bodies of regulations that apply to patient health information contain certain specific provisions that can apply during a pandemic. For example, HIPAA permits disclosures to public health authorities and others where it is necessary for purposes of controlling the spread of the virus or to otherwise protect the public from harm. These exceptions permit disclosures that may be in the public good for purposes of addressing the emergency situation. The emergency exceptions do not provide blanket exemption from assuring compliance with applicable regulations.


HIPAA Applies Only to Covered Entities and Business Associates, But Other Laws May Apply More Broadly

The HIPAA Privacy Rule applies to disclosures made by employees, volunteers, and other members of a covered entity’s or business associate’s workforce. HIPAA does not apply to others, such as some emergency workers, law enforcement, fire responders, and other first responders who may be involved in the course of a patient’s health care episode. But you should be aware that other laws, such as laws protecting confidentiality of mental health treatment information and substance/alcohol rehabilitation records, may be applicable and will normally be more protective of patient confidentiality than HIPAA. Covered entities include health plans, health care clearinghouses, and most health care providers. Business associates generally are persons or entities that are not inside the organization and who perform functions or activities on behalf of, or provide certain services to, a covered entity that involve creating, receiving, maintaining, or transmitting protected health information.


Business associates also include subcontractors of other business associates that create, receive, maintain, or transmit protected health information. The HIPAA privacy rules do not apply to disclosures made by entities or other persons who are not covered entities or business associates. (although such persons or entities are free to follow the standards on a voluntary basis if desired). There may be other state or federal rules that apply.
A business associate of a covered entity may make disclosures permitted by the HIPAA rules, including those that are available in the case of an emergency.


Although HIPAA may not apply to law enforcement and others who may come into possession of information concerning the health care of an individual, other federal and state laws apply more broadly and extend beyond covered entities and business associates. For example, the regulations applicable to substance and alcohol abuse records are subject to laws prohibiting any party who receives the protected information from the provider to comply with a prohibition against redisclosure. Even though law enforcement and other first responders may not be covered entities or business associates as defined in HIPAA, the provisions of 42 CFR Part 2, the federal regulations providing confidentiality protection for substance and alcohol abuse treatment records, and possibly state laws protecting mental health records, may impose an obligation on law enforcement and other non-covered entities, to maintain the confidentiality of the information that they receive.


We previously released a blog article describing some of the Emergency Provisions available under HIPAA.

Coronavirus Checklist for Nursing Homes and Hospitals

Thursday, April 16th, 2020


Follow the links below to download from the CDC.

A coronavirus preparedness checklist for hospitals, including long-term acute care hospitals are available from the CDC.

Interim Infection Prevention and Control Recommendations for Patients with Confirmed Coronavirus Disease 2019 (COVID-19) or Persons Under Investigation for COVID-19 in Healthcare Settings:

Strategies to Prevent the Spread of COVID-19 in Long-Term Care Facilities (LTCF):

Denial of Access to Deadbeat Patients

Wednesday, May 2nd, 2018

Private Practice Revises Access Procedure to Provide Access Despite an Outstanding Balance

A complainant alleged that a private practice physician denied her access to her medical records, because the complainant had an outstanding balance for services the physician had provided. During OCR’s investigation, the physician confirmed that the complainant was not given access to her medical record because of the outstanding balance. OCR provided technical assistance to the physician, explaining that, in general, the Privacy Rule requires that a covered entity provide an individual access to their medical record within 30 days of a request, regardless of whether or not the individual has a balance due. Once the physician learned that he could not withhold access until payment was made, the physician provided the complainant a copy of her medical record.

Health Law Firm Opens Green Bay Office

Tuesday, May 1st, 2018

Green Bay Health Care Lawyer – Opening Office in Green Bay Wisconsin

I just wanted to let readers of our health care blog know that Ruder Ware will be opening a Green Bay office and that three Green Bay attorneys will be joining our firm. This will provide us with a presence in the Green Bay/Appleton Markets that will enhance our community presence and enable us to better serve our client in eastern Wisconsin. Our health care and compliance practice with be greatly enhanced as a result of this move.

This move will provide a local platform through which we can better serve our health care clients.

Health Care Law Practice – Green Bay Health Lawyers Ruder Ware

Ruder Ware has a long history of representing health care clients.  The firm recognizes that the highly regulated and complex nature of the industry demands the attention of a team of attorneys who, as a group, monitor constantly evolving laws and regulations and their impact on our health care clients.  At Ruder Ware, we offer a full-service solution to clients as our focus team consists of health care, business, employment, and litigation attorneys with knowledge of the health care industry.   As a result, we are able to take best practices from other industries and apply them to the health care industry, thereby increasing the ability to respond promptly to the rapidly changing health care environment.

Members of the focus team have served on the governing bodies of various health care organizations.  This service has provided our attorneys with the opportunity to counsel the health care community.  

Our dedicated team of attorneys represents health care providers in various matters including:

 Health Care Business Transactions and Corporate Law

Our attorneys have substantial expertise representing various health care providers such as:

Below is the official press release:

Media Contact:
Jamie Schaefer
COO
Ruder Ware, L.L.S.C.
P: 715.845.4336
E: jschaefer@ruderware.com

For Immediate Release

Attorneys Ronald Metzler, Christopher Pahl, and Chad Levanetz to join
Ruder Ware at its new Green Bay Office

WAUSAU, WI – April 27, 2018 – Ruder Ware is pleased to announce the opening of its Green Bay office and that Attorneys Ronald Metzler, Christopher Pahl, and Chad Levanetz will be joining the firm. The new office will be located at 222 Cherry Street, Green Bay, Wisconsin, which is the current location of Metzler, Timm, Treleven, S.C.

Attorney Ron Metzler – Having practiced law for over 30 years, Ron is a well-respected and well-known commercial attorney with close ties to the banking industry.

Attorney Chris Pahl – With his strong ties to the Green Bay community, Chris has built his practice around real estate development and condominium law as well as commercial transactions and estate planning.

Attorney Chad Levanetz – A seasoned litigation attorney, Chad counsels clients in the areas of real estate, construction, and general business disputes.

Stew Etten, Ruder Ware managing partner, stated, “Ruder Ware is always looking for outstanding attorneys to join our firm. With the opportunity to add Attorneys Metzler, Pahl, and Levanetz, the time was right to open a Green Bay office. We’re very excited to have attorneys of their caliber join our team of professionals.”

About Ruder Ware
Founded in 1920, Ruder Ware is the largest law firm headquartered north of Madison. With offices in Wausau, Eau Claire, and Green Bay over 40 attorneys provide legal and business advice to clients with operations of all sizes. Areas of practice include: Employment, Benefits & Labor Relations, Litigation & Dispute Resolution, Business Transactions, Trusts & Estates, and Fiduciary Services. Ruder Ware, Business Attorneys for Business Success. www.ruderware.com

Media Contact:
Jamie Schaefer
COO
Ruder Ware, L.L.S.C.
P: 715.845.4336
E: jschaefer@ruderware.com

Faxing Patient Health Information to Wrong Number – Compliance Risk Area

Tuesday, March 13th, 2018

Physician Revises Faxing Procedures to Safeguard PHI After Faxing PHI to Employer  by Mistake

faxing phi wrong numberA medical office recently settled with OCR after it allegedly disclosed a patient’s HIV status when the office mistakenly faxed medical records to the patient’s place of employment instead of to the patient’s new health care provider.  The employee responsible for the disclosure received a written disciplinary warning, and both the employee and the physician apologized to the patient.  To resolve this matter, OCR also required the practice to revise the office’s fax cover page to underscore a confidential communication for the intended recipient. The office informed all its employees of the incident and counseled staff on proper faxing procedures.

Two things pop about about this instance.  First, this was clearly a privacy violation.  The patient’s protected health information, which incidentally revealed his or her HIV status, we sent to the employer.  Secondly, it was evident from the facts that this was a mistake.  We aren’t told exactly how this mistake was made.  Was the fax number written down in the wrong box on the patient’s records?  Did the employee who faxed the records put the incorrect number on the fax cover sheet?  We may never know.  But this does raise the importance of being precise at all stages of the patient encounter to assure that no inadvertent violations occur.  Care you should be taken when information about the patient is initially entered into the system.  Individuals at all levels who may be responsible for transmitting PHI must be deliberate about their actions.  How many people have called or faxed something to the wrong person before?  How many people have written down the wrong telephone or fax number before?  Everyone?

This OCR settlement just illustrates that sometimes these small errors can have big implications.  It does not appear to have been any significant fines or loss of employment in this situation.  But we cannot downplay the potential embarrassment or other negative consequences of mistakes like these.  It is one thing to text your friend Bob rather than your friend Bobbie, and weirdly from Bob’s perspective say how wonderful last night was and how you can’t wait to see him again.  Telling a patient’s employer about their health condition can have consequences that are much harder to laugh off.

RCS-1 Model Worksheet Gives a Glimpse of a World Without RUG

Monday, March 12th, 2018

RCS-1 Sample Worksheet

Time Is Running Out on RUG System for Skilled Nursing Facility Reimbursement

It is currently anticipated that the RUG system, which is currently used to calculate reimbursement for Medicare Part A skilled nursing services, will be changed over the next year.  CMS is currently considering a new Resident Classification System that will completely change the way SNFs are reimbursed for their services.

Providers are getting glimpses of what may be included in the new calculation system.  CMS issued a draft sample worksheet using the RCS-1 system.  The stated purpose is to give providers a description of how the new system would work.  The worksheet gives a description of how a manual calculation would take place using the RCS-I methodology.

The sample draft worksheet that was issued by CMS is available here.  RCS_I_Logic-508_Final

Patient Access to Medical Records Created by Another Provider

Wednesday, March 7th, 2018

Private Practice Provides Access to All Records, Regardless of Source

A private practice denied an individual access to his records on the basis that a portion of the individual’s record was created by a physician not associated with the practice. While the amendment provisions of the Privacy Rule permit a covered entity to deny an individual’s request for an amendment when the covered entity did not create that the portion of the record subject to the request for amendment, no similar provision limits individuals’ rights to access their protected health information. Among other steps to resolve the specific issue in this case, OCR required the private practice to revise its access policy and procedures to affirm that, consistent with the Privacy Rule standards, patients have access to their record regardless of whether another entity created information contained within it.

Medical Alerts – HIPAA Implications of Flagging Patient Records

Tuesday, February 27th, 2018

Identification of AIDS Status Through Medical Alert System

Dentist Revises Process to Safeguard Medical Alert PHI

AIDS identification external alert HIPAAA recent OCR investigation of a dental practice’s flagging of patients records highlights a potential HIPAA violation.  The OCR investigation confirmed allegations that the dental practice flagged some of its medical records with a red sticker with the word “AIDS” on the outside cover.   Records were handled so that other patients and staff without need to know could read the sticker.  A patient complaint commenced an OCR investigation into whether the practice potentially identified the AIDS status of patients within the office.

When notified of the complaint filed with OCR, the dental practice immediately removed the red AIDS sticker from the complainant’s file. To resolve this matter, OCR also required the practice to revise its policies and operating procedures and to move medical alert stickers to the inside cover of the records. Further, the covered entity’s Privacy Officer and other representatives met with the patient and apologized, and followed the meeting with a written apology.

The lesson here is not to place special medical alerts on the outside of physical patient records.  This is a particularly bad practice in a dental office where the typical office setup can result in visual identification by other patients.  If a patient is being escorted by staff and is seen by other patients, the identification on the outside of the patient’s chart can easily be connected to the patient.  This creates a very sensitive potential violation of HIPAA and other laws protecting against disclosure of the AIDS status of individuals.

Providing Protected Health Information in Response to Subpoena

Thursday, February 22nd, 2018

OCR Citation for Improper Disclosure of PHI in Response to a Subpoena

unauthorized release phi subpoenaA health care provider or other covered entity under HIPAA is permitted to disclose protected health information if it receives a lawful order from a court or administrative tribunal.  this does not mean that a provider can simply release everything it has in a patient record when it receives a court order.  Some records, such as mental health or substance abuse records might have special protections or limitations that apply.  Additionally a provider should closely review the relevant order and only disclose the information that is specifically required by the order.

The ability to release information in response to a subpoena, as opposed to an order of a court, is subject to different rules.  Patient information can only be provided under subpoena if certain notification requirements of the Privacy Rule are met. The notification requirements require the provider who received the subpoena to obtain evidence that there were reasonable efforts to notify the person who is the subject of the information about the request.  This is intended to give the individual an opportunity to object to the disclosure, or obtain a protective order from the court.

The application of these rules are illustrated by a relatively recent OCR settlement involving a hospital that was accused of improperly disclosing PHI in response to a subpoena.  The hospital apparently failed to determine that reasonable efforts had been made to notify that individual whose PHI was being sought under the subpoena.  This had the effect of denying the individual the right to object or seek a protective order.

As part of the settlement with the Hospital, OCR required the hospital to revise its subpoena processing procedures. The new policies adopted by the offending hospital hold a lesson for all covered entities.  If a subpoena does not meet the requirements of the Privacy Rule, policy should require the covered entity to reach out to the party who issued the subpoena to explain the notification requirements.  Until those requirements are complied with, the information cannot be released.

Court Orders and Subpoenas – Release of Protected Health Information

John H. Fisher

Health Care Counsel
Ruder Ware, L.L.S.C.
500 First Street, Suite 8000
P.O. Box 8050
Wausau, WI 54402-8050

Tel 715.845.4336
Fax 715.845.2718

Ruder Ware is a member of Meritas Law Firms Worldwide

Search
Disclaimer
The Health Care Law Blog is made available by Ruder Ware for educational purposes and to provide a general understanding of some of the legal issues relating to the health care industry. This site does not provide specific legal advice and you should not use the information contained on this site to address your specific situation without consulting with legal counsel that is well versed in health care law and regulation. By using the Health Care Law Blog site you understand that there is no attorney client relationship between you and Ruder Ware or any individual attorney. Postings on this site do not represent the views of our clients. This site links to other information resources on the Internet; these sites are not endorsed or supported by Ruder Ware, and Ruder Ware does not vouch for the accuracy or reliability of any information provided therein. For further information regarding the articles on this blog, contact Ruder Ware through our primary website.