PPACA Impact and Opportunities : Health Care Lawyer & Attorney : Epstein Becker Green Law Firm : Insurance & Costs : Health Reform Musings Blog

Our colleagues at Epstein Becker Green have issued a client alert: "HIPAA Omnibus Rule's Impact on Notices of Privacy Practices," by Patricia M. Wagner, Brandon C. Ge, and Alaap B. Shah.

Following is an excerpt:

This health reform alert summarizes the key changes to the Notice of Privacy Practices ("NPP") requirements in the revised Health Insurance Portability and Accountability Act ("HIPAA") regulations (the "Omnibus Rule") as well as what covered entities need to do to be compliant. Because many covered entities may have modified their NPPs based on the Notice of Proposed Rulemaking issued on July 14, 2010 ("NPRM"), this alert also details the similarities and differences between the NPRM and the Omnibus Rule related to NPPs. In addition, Table 1 of this alert provides a quick summary of the NPRM proposals adopted—or not adopted—by the Omnibus Rule.

As covered entities work toward compliance, they should keep in mind that the Omnibus Rule becomes effective on March 26, 2013, but the deadline for compliance is September 23, 2013.

Read the full alert here.

Our colleagues at Epstein Becker Green have issued a client alert: "Key Compliance Actions for the New HIPAA Privacy Regulations," by Patricia M. Wagner, Pamela D. Tyner, and Leah A. Roffman.

Following is an excerpt:

As noted in previous Epstein Becker Green health reform alerts, on January 25, 2013, the long-awaited final omnibus rule (“Omnibus Rule”) issued by the U.S. Department of Health and Human Services was published in the Federal Register. The Omnibus Rule makes sweeping changes to the privacy and security regulations under the Health Insurance Portability and Accountability Act (“HIPAA”).

In light of the Omnibus Rule’s new requirements, business associates and covered entities should strongly consider reviewing their existing HIPAA privacy and security practices, including compliance policies and business associate agreements. While the Omnibus Rule takes effect on March 26, 2013, affected parties have until September 23, 2013, to come into compliance with most of its provisions. This alert reviews several of the regulatory changes and suggests action items to facilitate compliance with the new requirements.

Read the full alert here

Our colleagues Mark E. Lutes, Robert J. Hudock, and Patricia M. Wagner have issued an alert on modifications to the HIPAA privacy, security, and enforcement rules. Following is an excerpt:

On January 17, 2013, the Department of Health and Human Services released the highly anticipated, 563 page, Health Insurance Portability and Accountability Act (“HIPAA”) regulations (the “Final Rule”) that have been delayed for over 3 years. The Final Rule will be published in the Federal Register on January 25, 2013. The Final Rule addresses many of the compliance issues and unanswered questions facing covered entities and business associates. The effective date of the Final Rule is March 26, 2013--with a compliance date (for most provisions) by September 23, 2013 (there is an additional grace period for certain provisions). Epstein Becker Green is preparing an in-depth analysis of the Final Rule which will be forthcoming. In the meantime, below is a high level summary of the significant changes included in the Final Rule.  Read the full alert here.

Note that Ms. Wagner and Mr. Hudock will host a free webinar on this topic, titled "The Final Omnibus HIPAA Rule," on January 24, at 12:00 p.m. EST.

Epstein Becker Green has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This will allow the firm to provide health care organizations with privacy and security risk assessments to protect the entities from breaches of protected health information (PHI). The health care industry has accepted the HITRUST CSF as the most widely adopted security framework. Epstein Becker Green is the first law firm to become a CSF Assessor and the designation exemplifies the firm's distinct capability to identify and address risk for health care industry clients.

HITRUST provides resources, tools, education, and training to develop and maintain effective security programs for health care and life sciences companies that comply with security laws, regulations, and standards including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, and various other federal, state, and business requirements.

Read the Full Announcement from Epstein Becker Green

Kara Maciel, Member of the Epstein Becker Green Labor and Employment, Litigation, and Health Care and Life Sciences Practices, was recently interviewed by Employment Law360 concerning employer wellness programs. 

According to the article, businesses are turning to wellness programs to curb health care expenses, but programs that aren't carefully crafted can open employers up to costly privacy and discrimination litigation, attorneys say.  Wellness programs can lead to big savings for employers by targeting behaviors that can cause conditions that drive up their health care expenditures. But programs that give employers too much  information about their employees can leave employers vulnerable to claims that they have violated the  Health Insurance Portability and Accountability Act, the Americans with Disabilities Act, the Genetic Information Nondiscrimination Act, and state privacy and nondiscrimination laws, experts say. 

“Employers really can open themselves up to a litigation minefield if they do not properly craft their programs in a legally compliant way, with a particular focus on discrimination and privacy issues,” said Maciel. 

Click here to download the Employment Law360 article in its entirety (PDF).