Health Law Advisor

New from the Diagnosing Health Care Podcast: Workplace violence in health care settings is on the rise, capturing the attention of both state and federal lawmakers.

As awareness grows, so too does legal scrutiny and the push for new regulations and enforcement. In these seemingly critical times, what should health care employers be thinking about and incorporating into their comprehensive strategies to prevent and address workplace violence?

On this episode, Epstein Becker Green attorneys Sharon Peters, Eric Neiman, and Avery Schumacher dissect the legal landscape surrounding health care workplace violence, examining the steps being taken at various levels of government and what they mean for health care providers and institutions. Join us as we explore the legal frameworks, emerging policies, and broader compliance implications for health care employers.

New York State cannabis agencies and related individuals were served with a lawsuit from four New York veterans (Carmine Fiore, William Norgard, Steve Mejia, and Dominic Spaccio, collectively, the “Plaintiffs”) related to the cannabis market and licensing structure on August 2, 2023. The Plaintiffs are alleging that under the Conditional Adult-Use Retail Dispensary (“CAURD”) licenses, state officials have been favoring “Justice Involved” individuals over disabled veterans in the application process. Their lawsuit has thus far led to the issuance of a ...

Revisions to Ohio’s Health Care Services rules have been in the works since last September, as part of the required five-year of review Ohio Administrative Code Chapter 3701-84 by the Ohio Department of Health (ODH). Without much publicity, the finalized rules became effective on May 15, 2023. 

“Health Care Services” include: (1) adult cardiac catheterization; (2) adult open heart surgery; (3) pediatric cardiac catheterization; (4) pediatric cardiovascular surgery; (5) pediatric intensive care; (6) a linear accelerator, cobalt radiation, or gamma knife service; (7) solid organ transplant services, and (8) blood and bone marrow transplant service. The revised Health Care Services rules make changes to nearly every regulation in Chapter 3701-84, many of a substantial nature. 

Of particular interest to Ohio hospitals, changes to the adult cardiac catheterization services requirements include:

In this episode of the Diagnosing Health Care Podcast:  A complex landscape of state laws overlays the direct access testing model, ranging from physician order requirements, such as telemedicine standards and the corporate practice of medicine doctrine, to specimen collection considerations, including how the varying options for collection could impact a model.

How do these factors combine to create a roadmap for companies navigating the direct access testing industry?

On July 8, two weeks following the Supreme Court’s ruling in Dobbs v. Jackson that invalidated the constitutional right to abortion, President Biden signed Executive Order 14076 (E.O.). The E.O. directed federal agencies to take various actions to protect access to reproductive health care services,[1] including directing the Secretary of the U.S. Department of Health and Human Services (HHS) to “consider actions” to strengthen the protection of sensitive healthcare information, including data on reproductive healthcare services like abortion, by issuing new guidance under the Health Insurance and Accountability Act of 1996 (HIPAA).[2]

In two recent memoranda, the Centers for Medicare and Medicaid Services (CMS) made changes to previously issued survey guidance related to COVID-19 vaccination issues.

The U.S. Supreme Court is expected to imminently issue its opinion in the case Dobbs v. Jackson Women’s Health Organization (“Dobbs”). If the Court rules in a manner to overturn Roe v. Wade, states will have discretion in determining how to regulate abortion services.^[1] Such a ruling would overturn nearly 50 years of precedent, leaving patients, reproductive health providers, health plans, pharmacies, and may other stakeholders to navigate a host of uncharted legal issues. Specifically, stakeholders will likely need to untangle the web of cross-state legal issues that may emerge.

On February 23, 2022, in the case captioned Texas Med. Ass'n v. U.S. Dep't of Health & Human Servs., No. 6:21-cv-00425-JDK (E.D. Tex.), the U.S. District Court for the Eastern District of Texas issued the first major judicial decision addressing implementation of the new federal No Surprises Act, which went into effect nationally on January 1, 2022.  The Court’s decision significantly alters the landscape for claims qualifying for the No Surprises Act’s Federal Independent Dispute Resolution Process (IDRP), an arbitration process designed to resolve certain reimbursement disputes between commercial payors and out-of-network health care providers or emergency facilities.

During a National Stakeholder Call on January 18, 2022, Ellen Montz—Deputy Administrator and Director of the Center for Consumer Information and Insurance Oversight (CCIIO) at the Centers for Medicare and Medicaid Services (CMS)—announced that CMS had begun publishing state-specific letters (the “Enforcement Letters”) detailing anticipated Federal and state responsibilities with respect to enforcement of the No Surprises Act (NSA) on the CCIIO website. Although CCIIO has yet to publish Enforcement Letters for a minority of states,[1] the Enforcement Letters that have been published provide critical details regarding how the NSA intersects with existing state laws and CMS’s expectations regarding NSA enforcement in each state.

Starting in 2022, Ohio will require owners of tax-exempt real property to notify the county auditor if the exempt property ceases to qualify for exemption.

This is a substantial departure from current law, which had left the role of monitoring changes in exempt properties’ uses to the county auditors or Ohio’s tax commissioner; under the new law, health care entities that own property in the state must determine whether or not their property continues to qualify for exemption.

Ohio’s recent Budget Bill – House Bill 110 – created the new reporting requirement, which will be ...

On June 21, 2021, Florida Governor Ron DeSantis signed into law a bill requiring genetic counselors to be licensed by the Florida Department of Health (“FLDOH”).  The new law, known as the Genetic Counseling Workforce Act (“GCWA”), became effective on July 1, 2021.  FLDOH has announced a 90 day enforcement moratorium to allow counselors time to become appropriately licensed in the State.  Florida now joins a growing number of states that regulate the work of genetic counselors.

At the end of March, Florida joined the roster of states that have erected legal shields for health care providers against COVID-19-oriented liability claims. Concerned about uncertainty surrounding the emergency measures taken in response to COVID-19 and the effects that lawsuits could have on the economic recovery and the ability of health care providers to remain focused on serving the needs of their communities, the Florida Legislature passed CS/SB 72 on March 29, 2021.  Governor Ron DeSantis signed CS/SB 72 into law as Laws of Florida 2021-1.  This law creates two new statutory provisions - section 768.38 and section 768.381, Florida Statutes – effective on passage.

What Are the Liability Protections?

Section 768.381, Florida Statutes provides protection for health care providers regarding COVID-19-related claims, as follows:

• Complaints alleging claims subject to the law must be pled with particularity, or will be dismissed. This is a higher pleading standard than typically required for a civil complaint, and requires a greater degree of specificity.
• Plaintiffs must prove gross negligence or intentional misconduct. This is a higher standard than ordinary negligence or professional malpractice.
• Health care providers are provided with several affirmative defenses which, if proven, preclude liability. These defenses primarily relate to a provider’s substantial compliance with government-issued standards regarding COVID-19, infectious disease generally in the absence of standards specifically applicable to COVID-19 or the inability to comply with applicable standards in light of medical supply shortages.
• There is a one-year statute of limitations on COVID-19-related claims against health care providers, which is substantially shorter than that for simple and medical negligence claims. When this statute starts to run depends on whether the claim arises out of the transmission, diagnosis, or treatment of COVID-19, or from other circumstances such as a delayed or canceled procedure. Actions for COVID-19 related claims that accrued before the law’s effective date must commence within one year of the effective date.

The regulations for the California Consumer Protection Act (“CCPA”) were approved by the California Office of Administrative Law on August 14, 2020 and went into effect immediately.   Earlier this year, the California Department of Justice proposed these regulations to govern the California Attorney General’s enforcement of CCPA. CCPA was signed into law on June 28, 2018 and went into effect on January 1, 2020.

Please see Epstein Becker Green’s earlier posts discussing CCPA for more information.

• California’s New Consumer Privacy Act: What Employers Need to Know
• Follow ...

The Ryan Haight Act Online Pharmacy Consumer Protection Act of 2008 (21 U.S.C. § 802(54)) (the “Ryan Haight Act” or “Act”) expanded the federal Controlled Substances Act to define appropriate internet usage in the dispensing and prescribing of schedule drugs, and in doing so effectively banned the issuance of prescriptions via telemedicine services for any controlled substances unless the ordering physician has conducted at least one in-person evaluation of the patient. The Act includes multiple exceptions that permit prescribing of controlled substances ...

Effective June 11, 2018, all Department of Veterans Affairs (“VA”) health care providers will be able to offer the same level of care to all beneficiaries regardless of the beneficiary’s or the health care provider’s location. In its recently released final rule, the VA stated that in December 2016 Congress mandated that the agency provide veterans with a self-scheduling, online appointment system, and that the agency meet the demands for the provision of health care services to veterans, regardless of whether such care was provided in-person or using telehealth ...

In 2008, Congress passed the Ryan Haight Act (21 U.S.C. § 802(54)) (“Ryan Haight”) following the death of Ryan Haight, a young man who overdosed on prescription painkillers he purchased from an online pharmacy without a valid prescription. Ryan Haight amended the federal Controlled Substances Act (21 U.S.C. 802 et seq.) and specifically prohibits dispensing controlled substances via the internet without a “valid prescription” which, according to the law, must be issued for a legitimate medical purpose and may only be issued once a physician has conducted at least one ...

Telehealth continues to be a hot topic of state and federal legislatures. Texas, for example, recently joined the rest of the states in no longer requiring initial in-person visits before being able to provide telehealth services.

The Texas legislature enacted the major telehealth bill SB 1107 on May 19, 2017, and the governor signed the bill into law shortly thereafter on May 27, 2017. As reported in our prior post, Texas had considered that, if passed, this telehealth bill would allow patient-physician relationships to be established via telemedicine without requiring an initial ...

As requested by Congress as part of an appropriations bill signed into law late last year, this month, the Department of Health and Human Services (HHS) released a report highlighting its e-health and telemedicine efforts.  The report makes for interesting reading, and while there are no significant surprises in the report, it offers a clear snapshot of some of the agency’s thinking regarding virtual care.

The first thing I noted in the report is the agency’s view that “telehealth holds promise as a means of increasing access to care and improving health outcomes.”  This is ...

As 2015 winds down, I think it is safe to say that it has been a whirlwind year in telehealth.  According to the National Conference of State Legislatures (NCSL), over 200 telehealth-related bills were introduced in 42 states.  The Federation of State Medical Boards (FSMB) has launched an interstate physician licensure compact that creates a new pathway to expedite physician licensure in multiple states.  Twelve states (with Wisconsin being the latest) have so far enacted the licensure compact.  Many states such as Colorado, Iowa, and Louisiana released regulations or policies that in ...

As many of you know, reimbursement for telehealth services is a mixed bag.  On the one hand, private payers generally seem ahead of the curve.  Many leading private insurers reimburse for telehealth.  Generally these coverage policies provide reimbursement for telehealth services when they involve the use of real-time interactive audio, video, or other electronic media for diagnosis and consultation.  Just as significantly, more than half the states and the District of Columbia have passed telehealth parity statutes which require health insurers to provide coverage for services ...

As we have explored a number of times on this blog, telemedicine has gone mainstream.  The more recent development is that employers seem to be paying more attention now. The numbers speak for themselves. A recent Towers Watson study focusing on employers with at least 1,000 employees concluded that U.S. employers could save up to $6 billion per year if their employees routinely engaged in remote consults for appropriate medical problems instead of visiting emergency rooms, urgent care centers, and physicians’ offices.

Attitudes towards telemedicine more generally in the United ...

On January 9, 2015, New Jersey Governor Chris Christie signed new legislation that will require health insurance carriers authorized to issue health benefits plans in the state—including insurance companies, health service corporations, hospital service corporations, medical service corporations, and health maintenance organizations—to encrypt personal information. Triggered by a series of data breaches involving the health information of almost a million residents, Senate Bill No. 562 (“SB 562”) was passed unanimously by both houses of the state legislature ...

As a lawyer practicing in the telemedicine space, I am rarely surprised these days.  But every once in a while I will read or hear something that stops me in my tracks. That is exactly what happened when I read a blog post by an FTC Commissioner which, among other things, calls for government policies that help facilitate greater adoption of telemedicine.  The post was part of a broader piece about the FTC's role in promoting competition and innovation in health care.

By way of quick background, the Federal Trade Commission is the federal agency charged with protecting ...

There can be no question that telehealth has gone mainstream.  The numbers speak volumes. Telehealth companies have been able to raise almost $500 million since 2007 according to a noted venture capital analyst.  A recent study indicated that U.S. employers could save up to $6 billion a year through telehealth.  Per the American Telemedicine Association, more than half of all U.S. hospitals now offer some form of telehealth service.  Some leading analysts estimate that global revenue for telehealth will reach $4.5 billion by 2018, and the number of patients using telehealth services ...

Earlier this week, a popular source of regulatory news published an article claiming FDA “finalized a new rule this week that prohibits manufacturers from using so-called “split-predicates”. However, it appears that the article may instead be referencing the Final Guidance for Industry and Food and Drug Administration Staff entitled “The 510(k) Program: Evaluating Substantial Equivalence in Premarket Notifications [510(k)]” that FDA published earlier this week.  Unfortunately, as often occurs on the Internet, the post was disseminated by several other popular ...

One of the largest hurdles to the growth of telehealth—the lack of a streamlined process for obtaining physician licensure in multiple states—is one step closer to being scaled. The Federation of State Medical Boards (“FSMB”) recently released a revised draft of its Interstate Medical Licensure Compact (“Compact”). This revised draft is a continuation of efforts by FSMB and its member boards to study the feasibility of an interstate license portability. Additionally, the revised draft of the Compact reflects changes based upon comments received from FSMB member ...

By Brandon Ge and Alaap Shah

The Department of Health and Human Services (“HHS”) is taking laudable steps to improve notices of privacy practices (“NPPs”) and make them more clear, understandable, and user-friendly. Under the HIPAA Privacy Rule, individuals are entitled to a receive an NPP informing them of how their health information may be used and shared, as well as how to exercise their health privacy rights. Health plans and health care providers must develop and distribute NPPs that clearly explain these rights and practices. Unfortunately, to date NPPs have been ...

A significant barrier to the interstate practice of telehealth is closer to being broken down. The Federation of State Medical Boards (FSMB) has completed and distributed a draft Interstate Medical Licensure Compact, designed to facilitate physician licensure portability that should enhance the practice of interstate telehealth.  Essentially, the compact would create an additional licensing pathway, through which physicians would be able to obtain expedited licensure in participating states.  As the FSMB notes in its draft, the compact "complements the existing ...

   By:  Alaap Shah and Ali Lakhani

Why is data breach such a rampant problem within the health care industry?

As health care rapidly digitizes through adoption of electronic health records, mobile applications and the like, the risk of data breach is rising exponentially.  To effectively manage this risk, health care companies and their business associates must be vigilant by implementing and evaluating security controls in the form of administrative, physical and technical safeguards.  Health care companies also have resources to assist them with managing this risk.  Specifically ...

By:  Alaap Shah and Ali Lakhani

The Good: 

“Hey Doc, just shoot me a text . . .”

The business case supporting text messaging in a health care environment is compelling - it is mobile, fast, direct, and increases dialogue between physicians and patients as well as streamlines the often inefficient page/callback paradigm that stalls workflows and efficiency in the supply chain of healthcare delivery.  As a growing percentage of the 171 billion monthly text messages in the U.S. are sent by healthcare providers, often containing electronic protected health information (ePHI ...

About two weeks ago, the Governor of Nevada signed into law new legislation that removes a number of barriers to the practice of telehealth within the state of Nevada.  Among the most significant changes, the Nevada legislation allows physicians to establish a physician-patient relationship (which is a precondition for prescribing drugs, rendering diagnoses, and performing other medical services) through a telehealth encounter.  In doing so, Nevada joins only a small number of states that have taken this step.  However the Nevada law is significant not only because it allows a ...

Before initiating treatment, health care providers must generally obtain their patients’ informed consent. The purpose of the informed consent process is two-fold. First, it allows patients to gain an understanding of the risks and benefits of the proposed treatment, and alternative courses of action. Second, it helps shield providers from legal exposure.

A formal informed consent process is particularly critical for procedures that carry a high risk of patient injury. When considering such “high-risk” procedures, neurosurgery or radiation therapy may come to mind ...

We all know that telehealth is going mainstream.  The numbers speak for themselves.  A leading research firm predicts that 2.8 million patients worldwide used home-based remote monitoring devices in 2012—expected to increase to 9.4 million connections globally by 2017.  Another firm projects that the number of patients using telehealth services in the United States will grow to 1.3 million in 2017, up from 227,000 in 2012.  Even less rosy projections predict growth to 2 million patients worldwide by 2017.  The news is even better in subspecialties like telepsychiatry   that are ...

While telehealth technology advances, unresolved legal issues continue to deter wider adoption of telehealth as a means of delivering health care services. One issue that telehealth providers must consider is the standard of care that applies in telehealth encounters. Generally, a plaintiff in a medical malpractice suit must prove, among other things, that the provider breached the standard of care. Therefore, knowing what standard of care applies is critical for any telehealth provider that wishes to insulate itself from potential malpractice liability.

In traditional ...

Telehealth is going mainstream. Once limited to rural or remote communities, the use of telehealth is increasingly being used to address critical shortages within many medical specialties (such as dermatology, neurology, radiology, critical care and mental health), and as a more efficient means to provide health care services. Many leading nationally-recognized health care providers, health plans and others have significant telehealth initiatives underway often in partnership with telecommunications vendors and government entities.  And developments in this space tend ...

During and after a recent presentation regarding telehealth before a health care executive group, we were inundated with the following question:  Why should a hospital provide telehealth services when often times it will not get paid for those services?  It is, on its face, a great question.  After all, few of us would want to provide services we know will not be reimbursed.  But, in many ways, the question misses the boat.  While a hospital may not be paid directly for providing telehealth services, it nevertheless could significantly benefit in a number of ways that prove just as valuable ...

We are all too familiar with the many hurdles that stand in the way of the greater proliferation of telehealth.  This blog has examined various legal and regulatory stumbling blocks such as licensure, reimbursement, and privacy that continue to stand in the way of telehealth fulfilling its great promise—at least in the United States.  Other countries are increasingly embracing telehealth.  A recent spate of legislative and other activities, however, point to an evolving environment in which legislators and regulators are beginning to understand and grapple with the many legal and ...

While tech companies looking to provide health solutions must figure out early on whether they are HIPAA-regulated, HIPAA is not the be-all and end-all of privacy law. Even entities not regulated under HIPAA must abide by other privacy rules, including a wide array of state privacy laws. On December 6, 2012, in the state’s first legal action under its online privacy law, California Attorney General Kamala Harris filed a lawsuit against a major airline for not including a privacy policy in its smartphone app. The complaint alleges violation of California’s Online Privacy ...

While tremendous strides continue to be made in the growth and adoption of telehealth services, significant legal obstacles remain.  Among these obstacles are state drug prescribing laws.  In many states, physicians cannot lawfully prescribe drugs during a telehealth encounter, except in very limited circumstances.  For example, California requires that physicians perform a “physical exam” before prescribing drugs, and explicitly outlaws prescribing on “the internet” without a prior examination.  These restrictions vary from state to state, but many share certain ...

As telehealth continues to grow, there are a number of legal, regulatory, and operational issues that threaten to stall its progress.  We have tackled many of these issues in previous blog posts.  But no obstacle looms larger than the issue of payment.  How can providers get consistently and appropriately reimbursed by payers for use of telehealth?  Absent a clear answer, telehealth will likely find it difficult to fulfill its great promise—at least in the United States.  Other countries are pulling ahead.  Here is a look at the current reimbursement landscape facing providers and what ...

By Ross K. Friedberg and Ophir Stemmer

This year we’ve seen a continuation of the trend toward heightened regulation and enforcement of the privacy and security requirements under the Health Information Portability andAccountability Act (“HIPAA”) and under other state and federal health privacy laws. Although there have not been any significant changes to federal health privacy laws this year, federal enforcement activity continues to be strong.

This post provides a summary of the developments in privacy and security law throughout the past year; discusses the ...

by Joel Rush and Dawn Helak

All indications are that international telemedicine is well positioned for strong growth over the next several years. The global healthcare marketplace is ripe with opportunities for U.S. based healthcare systems and providers to take advantage of the expanding use of telemonitoring systems and other telemedicine technologies to deliver top flight healthcare to patients across the globe.

However, wherever there are opportunities, there are challenges. In addition to the economic and financial barriers to launching an international telemedicine ...

Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured.  Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps.  While protecting privacy and security of personally-identifiable information is generally important, privacy and security concerns typically do not rank as high priorities in decision-making when developing these types of apps.

By ...

Imagine there are two hospitals (or two physician groups). One is highly specialized and has developed a telemedicine program for treating stroke patients; the other is a community hospital or physician practice that would like to take part in this telemedicine program but does not want to pay for the technology needed to virtually connect with the program’s specialists. Can the telemedicine provider buy this technology for the receiving hospital or physician group, or rent it out at a deep discount, without violating the law?

This turns out to be a hard question. Under federal law ...

The following may surprise some: FDA approval or clearance is never enough. Not if manufacturers want a commercially successful product. There is no doubt that addressing FDA issues is critical. But without data to show effectiveness, payers will not reimburse a particular product or technology—and even the most promising product will languish in the market without the appropriate coverage and reimbursement.

The use of remote monitoring devices has increased significantly over the last few years. I think it is fair to say that many manufacturers of these devices worry ...

In the past few months, we’ve seen a number of federal agencies take important steps to promote telemedicine. In May, the Department of Agriculture began a $15 million grant and loan program that will provide funding to innovative rural telemedicine programs; the Veteran’s Administration, building on its already impressive telemedicine capabilities, reported in July that it will be testing a new telemedicine system designed to support rural primary care providers; and in May and June the Centers for Medicare and Medicaid Services Center for Innovation awarded funding to a ...

 A significant yet little-noticed trend is underway. And its effects could be far-reaching.  A growing number of states are enacting so-called telehealth parity statutes. These laws generally require health insurers to pay for services provided via telehealth the same way they would for services provided in-person. Almost a third of all states have enacted these statutes, and I predict more states will be jumping on the bandwagon. Telehealth is indeed going mainstream.

Maryland became one of the latest states to jump on the bandwagon when the state’s governor signed a telehealth ...

Many legal obstacles have long stood in the way of telehealth. There are licensure laws, prescribing laws, practice of medicine requirements, credentialing rules, insurance coverage issues, and concerns about privacy, among others.  These hurdles have until recently relegated telehealth to the most geographically remote corners of health care where the only means of obtaining medical care is by phone or computer connection to a provider hundreds of miles away.  But now, with physician shortages and the ubiquity of the smart phone, telehealth is beginning to show up all over the ...

There is a proposal moving through Congress that has some interesting implications for telemedicine.  Sen. Diane Feinstein (D-CA) and Rep. Bill Cassidy (R-LA) have proposed an amendment to the Online Pharmacy Safety Act that would impose additional restrictions on when and under what circumstances practitioners can prescribe medication under the Federal Food, Drug, and Cosmetic Act.  Although the Online Pharmacy Act is primarily intended to put an end to illegitimate pharmacies and the fraudulent sale of drugs online, as the American Telemedicine Association, HealthLeaders