Health Law Advisor

New York State appears poised to become the fourth state to explicitly regulate consumer health data not covered by the federal Health Insurance Portability and Accountability Act (HIPAA). In May of 2023, Washington State enacted the My Health My Data Act; in June of 2023, Connecticut amended its Data Privacy Act; and in March of 2024, Nevada passed Senate Bill 370. In many respects, NY HIPA is broader in scope and effect than its three predecessors.

New York’s S929 (Health Information Privacy Act or NY HIPA), sponsored by state Senator Liz Krueger (D), establishes requirements for communications to individuals regarding the disposition of their health information; and requires written consent or a designated necessary purpose for the processing of such health information. NY HIPA addresses vulnerabilities unaddressed by HIPAA because it applies to a broader range of private companies and protects health information at risk of disclosure through the commercialization of health data.

HRSA’s “Audit Reporting Requirement Attestations” arrived in inboxes on Friday, March 22, 2024, and require a response by Friday, April 5, 2024.  The government is under pressure to show that the money distributed under the CARES Act and the American Rescue Plan was used responsibly.  These notices are frustrating and frightening, and a two-week turnaround may seem a bit callous, but the situation could certainly be worse—the government could have simply demanded a return of the funds.  If an organization expended more than $750,000 in a single fiscal year and does not comply ...

On October 30, 2023, President Joe Biden signed the first ever Executive Order (EO) that specifically directs federal agencies on the use and regulation of Artificial Intelligence (AI). A Fact Sheet for this EO is also available.

This EO is a significant milestone as companies and other organizations globally grapple with the trustworthy use and creation of AI.  Previous Biden-Harris Administration action on AI have been guidance of principles (e.g., the AI Bill of Rights) or have been targeted guidance on a particular aspect of AI such as the Executive Order Addressing Racial ...

Throughout the course of the pandemic, the Health Resources and Services Administration (HRSA) distributed $178 billion in Provider Relief Funds (PRF) to hospitals and health care providers.  The Public Health Emergency has ended, and HRSA is now turning an eye to how the money was spent, and whether it was spent properly. 

PRF funds were distributed with nearly no-strings-attached; hospitals and providers had to simply agree to a few terms and conditions.  Yet a number of facilities and providers have received one of two types of letters from HRSA: (1) a Final Repayment Notice stating the money must be returned, or (2) a letter stating that HRSA will be conducting an audit.  

On March 22, 2023, the U.S. Department of Health and Human Services’ Office of Inspector General (“OIG”) updated its Frequently Asked Questions (“FAQs”), drafting 13  FAQs aimed at easing the transition from COVID-era flexibilities to the end of the Public Health Emergency (“PHE”) on May 11, 2023. These FAQs arrive on the tail of OIG’s March 10, 2023 COVID-19 Public Health Emergency policy statement, which announced that the expiration of the PHE in May also marks the end of flexibilities extended during the crisis.  The updated FAQs offer a glimpse into how OIG investigations and enforcement might play out after the end of the PHE.  These FAQs address subjects including “General Questions Regarding Certain Fraud and Abuse Authorities,” the “Application of Certain Fraud and Abuse Authorities to Certain Types of Arrangements,” and “Compliance Considerations.”  

The vast majority of the principles articulated in the updated FAQs will undoubtedly be familiar to many.  Generally speaking, the updated FAQs restate or clarify longstanding OIG policy.  The updated FAQs are more than reiteration, however; they offer condensed policy and explanation in a single location, and demonstrate that for the most part, investigations and enforcement may return to the pre-PHE status quo. 

On April 20, 2022, the Department of Justice (DOJ) announced a nationwide coordinated enforcement action targeting COVID-19-related fraud involving charges against 21 individuals across nine federal districts, and over $149 million in alleged false claims submitted to federal programs.[1]

This marks the first significant DOJ enforcement action since Attorney General Merrick Garland named Associate Deputy Attorney General Kevin Chambers as the Director for COVID-19 Fraud Enforcement on March 10, an appointment President Biden previewed in his State of the Union address on March 1.