The interest level in storing health records in digital format has grown rapidly with the lower cost and greater availability and reliability of interoperable storage mechanisms and devices. Health care providers like hospitals and health systems, physician practices, and health insurance companies are among those most likely to be considering a cloud-based solution for the storage of patient-related health information. While lower cost, ubiquitous 24/7 availability, and reliability are key drivers pushing health care providers and insurers to the cloud, a number of serious legal and regulatory issues should be considered before releasing sensitive patient data into the cloud. The issues are highlighted in the Health Care chapter of our Cloud Computing White Paper.… Continue Reading
On May 19, 2011, the Health Resources and Services Administration (“HRSA”) released a proposed rule concerning the exclusion of orphan drugs for certain covered entities under the 340B Program. The 340B Program, enacted pursuant to the Veterans Health Care Act of 1992 (“VHCA”), limits the prices that participating manufacturers may charge for outpatient drugs purchased by … Continue Reading
On May 16, 2011, the Office of Inspector General ("OIG") published a report with the results from its nationwide review of the Centers for Medicare and Medicaid Services ("CMS'") oversight of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). In its review, the OIG sought to determine the sufficiency of CMS' oversight and enforcement actions pertaining to hospitals' implementation of the HIPAA Security Rule. Pursuant to the Security Rule, covered entities, such as hospitals, must implement technical, physical, and administrative safeguards for the protection of electronic protected health information ("ePHI"). According to the OIG, CMS' oversight and enforcement actions were "not sufficient," leaving limited assurance of the security of hospitals' ePHI.
The report details the results from the OIG's audits of seven hospitals. The audits disclosed "numerous internal control weaknesses." Specifically, the OIG identified 151 vulnerabilities in the systems and controls intended to protect ePHI. Of these vulnerabilities, 124 were categorized as "high impact." These vulnerabilities placed the confidentiality, integrity, and availability of ePHI at risk. The consequences of the high impact vulnerabilities is that it (1) may result in the highly costly loss of major tangible assets or resources; (2) may significantly violate, harm, or impede an organization's mission, reputation, or interest; or (3) may result in human death or serious injury.… Continue Reading
According to a senior health information technology and privacy specialist at HHS Office for Civil Right (OCR), regulations finalizing the July 14, 2010, proposed rule implementing many of the HITECH Act's privacy, security, and enforcement requirements could be published by the end of 2010 or in early 2011. Additionally, OCR, developing a HITECH Act required "periodic audit" plan, which will be targeted to ensure that covered entities and business associates comply with the requirements of the Privacy and Security Rules.… Continue Reading
On September 3, 2010, the Centers for Medicare & Medicaid Services ("CMS") published a Proposed Rule withdrawing certain provisions of the July 17, 2007 AMP Final Rule, and withdrawing the October 7, 2008 Final Rule defining "Multiple Source Drug." Specifically, the rule proposes to withdraw 42 C.F.R. § 447.504, "Determination of AMP," § 447.514, "Upper limits for multiple source drugs," and the definition of "Multiple Source Drug" in § 447.502. Conforming amendments are also proposed to other sections of the AMP Final Rule, generally by replacing references to the regulatory definition of AMP which is being deleted, with references to the statutory definition of AMP. As the rule explains, the withdrawal is being proposed in light of retail pharmacies' legal challenges to the definition of AMP and the multiple source drug provisions, and the passage of health care reform amendments which have effectively superseded the AMP provisions.… Continue Reading