By Laura Gerdes Long
In a battle between a state statute and the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. § 1320d to d-9), the Eleventh Circuit Court of Appeals has held that a Florida statute is preempted by HIPAA because it is an obstacle to the “accomplishment and execution of the full purposes and objectives of HIPAA in keeping an individual’s protected health information strictly confidential.” OPIS Management Resources, LLC, et al. v. Secretary Florida Agency for Health Care Administration, No. 12-12593 (11th Cir. April 9, 2013).
OPIS, and the other plaintiff parties, are operators and managers of skilled nursing facilities in Florida. In the course of their operations, the nursing facilities received requests from spouses and attorneys-in-fact for the medical records of deceased nursing home residents. Because the parties requesting the records were not “personal representatives” pursuant to HIPAA and its implementing regulations, the facilities refused to disclose the records. As a result, the requesting parties filed complaints with the U.S. Department of Health and Human Services Offices for Civil Rights, which concluded that the nursing facilities acted properly.
The Florida Agency for Health Care Administration, however, issued citations against the nursing facilities for violating Florida law by refusing to release the records because the state statute requires licensed nursing homes to release a former resident’s medical records to the spouse, guardian, surrogate, or attorney-in-fact of any such resident. Fla. Stat. § 400.145(1). Because of the conflicting interpretations of the relevant laws, the nursing facilities filed a complaint for declaratory judgment. The district court granted the nursing facilities’ motion for summary judgment, explaining that the Florida statute affords nursing home residents less protection than is required by the federal law; therefore, the state law is preempted by HIPAA.
Stricter Federal HIPAA Law Trumps State Law
At the heart of the issue is whether the state statute, in which the “unadorned text…. authorizes sweeping disclosures, making a deceased resident’s protected health information available to a spouse or other enumerated party upon request, without any need for authorization, for any conceivable reason and without regard to the authority of the individual making the request to act in a deceased resident’s stead,” conflicts with federal law, according to Judge Susan H. Black. Finding that it does conflict, the jurist wrote, the state law “frustrates the federal objective of limiting disclosures of protected health information” and is therefore “preempted by the more stringent privacy protections” imposed by federal law. Continue reading »
04/17/13 2:37 PM
Healthcare, Litigation | Comment (0) |
Permalink
HIPAA vs. Florida and HIPAA Wins!
By Laura Gerdes Long
On June 28, 2012, the Supreme Court, in a 5-4 decision, upheld the Patient Protection and Affordable Care Act (the “Act”), more commonly known as the health reform law, including the highly controversial individual mandate. While the Court limited the Act’s planned expansion of Medicaid, the decision was overwhelmingly a “win” for President Obama.
Now that President Obama has been elected to a second term, those who resisted implementing the first set of provisions (waiting for the Court to rule) will have to begin earnestly working to comply with both provisions already in effect and forthcoming provisions, including key provisions which require compliance in 2014: the individual mandate and the employer mandate.
Provisions currently in effect include:
- No lifetime limits on coverage.
- Restrictions on annual limits.
- No “rescissions,” meaning health plans cannot cancel coverage once you are sick unless you committed fraud when you applied for coverage.
- Dependent care coverage is provided up to age 26 for adult children without employer-sponsored coverage.
- Federal small business tax credits have also been available for employers who provide coverage, with credits differing depending on the size of the company and increasing to 50 percent in 2014.
- Many consumer employees have already experienced not having to pay out-of-pocket costs for certain preventative services, such as breast cancer screenings and cholesterol tests, and the disqualification of over-the-counter drugs as medical expenses for Flexible Spending Accounts (FSAs) and Health Savings Accounts (HSAs).
- Insurers will have to provide rebates to consumers if they spend less than 80 to 85 percent of premium dollars on medical care.
The impact of both the individual mandate and the employer mandate will not be fully known until closer to 2014; however, there has been great speculation about who will be most impacted. Continue reading »
12/17/12 9:27 AM
Business Law, Employment Law, Healthcare | Comments Off |
Permalink
Employers and the Health Reform Law
By Laura Gerdes Long
The looming clash over the privacy of mental health care records as they are increasingly being stored electronically was revealed in “As Records Go Online, Clash over Mental Care Privacy,” an article in the June 21, 2012 issue of the Boston Globe.
The Globe article highlighted the case of a patient who attended weekly therapy sessions and, as is typical, revealed her most private secrets, including depression and childhood sexual abuse. Her psychiatrist at Massachusetts General Hospital would then type a summary into her computerized medical record. With that, more than 200 pages of sensitive notes became available to any doctor who cared for her within the sprawling Partners HealthCare system. She discovered this only when a doctor later referenced the notes.
On one hand, Partners (the hospital system) argues that doctors must have a complete picture to make accurate diagnoses and having different rules for psychiatric records contributes to the stigma of mental illness.
On the other hand, this article highlights the delicate privacy issues that are surfacing as electronic medical records become widespread. Providers in separate networks are preparing to share patients’ records more widely online — to better coordinate care and cut wasteful spending. This will probably intensify the debate about what should and should not be shared, as well as fears about the unauthorized release of patient information.
As Dr. David Blumenthal, Partners’ chief health information and innovation officer and former national coordinator for health information technology for the Obama administration, said: Continue reading »
06/28/12 11:41 AM
Healthcare | Comments Off |
Permalink
The Impact of Electronic Storage on Mental Health Care Records
By Misty A. Watson
The issue of exhaustive yet routine and expensive medical treatment versus quality of life for patients at end-of-life has been a hot topic in the media recently. The St. Louis Post Dispatch ran a series of articles including “Woman’s 6-month decline highlights end-of-life care quandary.” The June addition for Time Magazine featured “The Long Goodbye.”
Both articles focus on family members deciding how much care is appropriate and what happens when medical care results in a quality of life that the recipient of the care may not have wanted.
What is apparent from these articles is that end of life issues are difficult to discuss with family members. As a result, individuals often lack the motivation to consult with counsel to make sure that their wishes regarding their medical care – particularly at end-of-life – are expressed in writing.
An individual may end up receiving long, drawn out treatment and a quality of life they did not desire.
Healthcare Directives, Living Wills, and Do Not Resuscitate (DNR)
In both of the examples, the families were aware of the wishes of the family member to some extent, and had even taken some measures to make appropriate decisions regarding their care. Continue reading »
06/28/12 9:42 AM
Estate Planning, Healthcare | Comments Off |
Permalink
Knowing What the Patient Wants: Healthcare Directive, Living Will, and Do Not Resuscitate (DNR)
By Laura Gerdes Long
Co-authored by Laura Gerdes Long and Adrienne R. Lauf
A mother is suing a sheriff’s deputy in Cook County, Illinois for violation of the state’s Right to Breastfeed Act. The mother, who was at the courthouse to apply for food-assistance benefits, was breastfeeding her seven-week-old daughter in the lobby of the courthouse. The mother and her daughter were covered by a blanket at the time of the feeding. The deputy demanded that the mother move from the courthouse lobby to a public bathroom to breastfeed the baby. Because the mother feared she would disrupt the application process for her benefits if she were kicked out of the courthouse, she quit feeding her daughter instead of moving.
Right to Breastfeed in Illinois
In 2004 the General Assembly of Illinois passed the Right to Breastfeed Act. The stated purpose being:
“The General Assembly finds that breast milk offers better nutrition, immunity, and digestion, and may raise a baby’s IQ, and that breastfeeding offers other benefits such as improved mother-baby bonding, and its encouragement has been established as a major goal of this decade by the World Health Organization and the United Nations Children’s Fund. The General Assembly finds and declares that the Surgeon General of the United States recommends that babies be fed breast milk, unless medically contraindicated, in order to attain an optimal healthy start.”
Continue reading »
06/7/12 10:16 AM
Healthcare, Litigation | Comments Off |
Permalink
Breastfeeding in Public: Mother Sues Sheriff’s Deputy
By David R. Bohm
Part of a series on issues related to Manufacturers, Distributors and International Trade
Co-authored by David R. Bohm and David A. Zobel
A major change involving subpoenas to non-parties has hit the business world in the state of Missouri.
A new amendment to the Missouri Supreme Court Rules now requires non-party record custodians to physically appear at deposition to produce subpoenaed items, unless all parties to the litigation have agreed that the subpoenaed party may produce the items without appearing.
The amendment changes the prevailing practice where parties send out subpoenas to third parties with a letter explaining that they will be excused from appearing at deposition if they produce the requested items along with what is known as a business records affidavit.
Rule 57.09, as amended, now requires parties to first obtain consent from all other parties to the litigation before a subpoenaed witness may produce documents without attending the deposition. This agreement must be communicated to the witness in writing. Absent this agreement, a witness must appear to produce subpoenaed items at deposition.
What does this mean to you? If you receive a subpoena, you may only produce the documents to the party serving the subpoena without appearing at deposition if that party represents to you in writing (e.g., in a letter) that all other parties have consented to production of the documents without need for you to appear at the deposition. Such a letter should protect you from allegations that you improperly produced records by mail, instead of bringing the documents to the deposition. You do not need to see the actual agreement. If you have any questions as to whether you can simply mail the documents, instead of appearing at deposition, you should either call your attorney for advice or simply wait and bring the documents at the time and place designated in the subpoena.
Continue reading »
03/28/12 12:30 PM
Banking and Finance, Bankruptcy, Business Law, Employment Law, Healthcare, Intellectual Property, Litigation, Manufacturing and Distribution, Real Estate, Tax, Workers' Compensation | Comments Off |
Permalink
Is This by Consent? Changes to Missouri Supreme Court Rule Affect Use of Non-party Subpoenas
By Laura Gerdes Long
Since the Health Information Portability and Accountability Act of 1996 (HIPAA) was implemented in 2003, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has not conducted a formalized plan for auditing health care providers, insurance plans and other covered entities … until now.
OCR recently announced its pilot program to audit covered entities for privacy and security compliance and says in 2012 it will conduct up to 150 audits in their effort to ensure that covered entities and their business associates are complying with the HIPAA Privacy and Security Rules and the Breach Notification Standards. The OCR website provides useful information about this program and its objectives.
Previously, there was no mandated auditing process as a part of HIPAA, but rather reviews of covered entities typically would occur as complaints were raised by patients or consumers. With the American Recovery and Reinvestment Act of 2009, Section 13411 of the Health Information Technology for Economic and Clinical Health Act (HITECH) amended portions of HIPAA and requires HHS to develop procedures for auditing covered entities to verify compliance with the Privacy Rules and breach notification.
Covered entities need to ensure that their policies and procedures are updated for privacy and security compliance efforts. The entity must be prepared to provide documentation of its procedures, including with regard to breach notification, and documentation that its key personnel have been trained. Training does not include simply having a notebook containing policies and procedures that no one knows how to use.
According to the OCR website, the timeline is fairly quick, so individuals within the covered entity should be prepared to know what to do upon receiving a written notification that an audit is coming. If a “serious compliance issue” is found, OCR may initiate a compliance review to address the problem.
Of course, OCR will continue to accept complaints from individuals and covered entities through their privacy officers must continue to accept complaints from individuals. The goal of the pilot audit program appears to be to identify best practices and discover risks and vulnerabilities that otherwise have not come to light through the complaint process.
Covered entities that are prepared will shine, while those that are not prepared will have some explaining to do.
Posted by Attorney Laura Gerdes Long. Long practices in tort, insurance defense, legal malpractice, health care, and employment law. Well-versed in employment law policies and processes related to HIPAA, she serves as a trainer and advisor to health care providers, insurers, self-insured employers, and municipalities.
02/17/12 2:48 PM
Employment Law, Healthcare, Litigation | Comments Off |
Permalink
A Long Road to HIPAA Compliance: Privacy and Security Audits
By Laura Gerdes Long
Fate of the Patient Protection and Affordable Care Act Lies in Hands of Supreme Court
According to the National Law Journal, the Supreme Court justices granted review in three of the five petitions that it had before them regarding the Patient Protection and Affordable Care Act, all from the 11th Circuit Court of Appeals. That court had struck down the mandate that individuals who can afford health insurance must purchase coverage or pay a penalty.
The Journal article lists the issues on which the Court would hear arguments and the amount of time allotted to each issue, for a total of five and one-half hours.
Oral arguments will be made by the United States Solicitor General, 26 state attorneys general (handled by a single lawyer from a Washington firm), and the National Federation of Independent Business (NFIB).
Typically, Supreme Court oral arguments are scheduled for two hours of argument. Arguments are likely to be held in March.
Undoubtedly, with all of the questions raised by the health care act, five hours will not be sufficient time to answer all of them.
Posted by Attorney Laura Gerdes Long. Long practices in tort, insurance defense, legal malpractice, health care, and employment law. Well-versed in employment law policies and processes related to HIPAA, she serves as a trainer and advisor to health care providers, insurers, self-insured employers, and municipalities.
11/17/11 1:37 PM
Business Law, Healthcare, Litigation | Comments Off |
Permalink
Supreme Court: Will Five and a Half Hours Be Enough?
By Christopher D. Vanderbeek
According to a recent study published in the Journal of Occupational and Environmental Medicine, modifiable employee health risks dramatically increase employer operating costs. “Modifiable” health risks are those which can be remedied with appropriate action, such as exercise, diet, or medication.
The study focused on the employees of a large Midwestern corporation. It looked at the most common modifiable health risks: obesity, high blood pressure, high blood sugar, high cholesterol, inadequate exercise, poor nutrition, poor emotional health, tobacco use, and high alcohol consumption.
Researchers focused on two types of costs: health care-related costs, and productivity-related costs. The study suggests that health care costs were driven upward most significantly by high blood pressure, high blood sugar, and inadequate exercise. Productivity costs were driven upward most significantly by poor emotional health, which was also a driver of increased health care costs, though to a smaller extent.
The study also implemented findings from a Mayo Clinic assessment. A few of the pertinent Mayo Clinic findings:
Continue reading »
11/8/11 5:00 AM
Healthcare | Comments Off |
Permalink
Easiest Way to Increase Productivity and Decrease Health Care Costs
