Health Law Advisor

Our colleague  Tzvia Feiertag at Epstein Becker Green has recently published a post on the Workforce Bulletin blog that will be of interest to our readers in the health care industry: “IRS Memo Concludes There Is No Statute of Limitations for ACA Employer Mandate Penalties Under Internal Revenue Code § 4980H.”

Following is an excerpt:

The IRS Office of Chief Counsel recently issued a memo which, in a surprise to many, concluded that the filing of the Affordable Care Act (“ACA”) Forms 1094-C and 1095-C (“C Forms”) does not start the statute of limitations on ...

On March 11, 2020, the World Health Organization declared that COVID-19 is now a pandemic.  The effects continue to be felt in the United States, which now has well over 1,000 confirmed novel Coronavirus disease (COVID-19) cases.  As of March 12, 2020, nineteen states have declared a state of emergency to ensure there are resources to address the Coronavirus, and President Trump has announced a ban on travel to and from Europe for 30 days starting on Friday, March 13, 2020.  Given the prevalence of the Coronavirus in the U.S. and the growing numbers of cases globally, health care providers should take extra precaution with their patients, employees, and visitors.  As all public health communications are making clear, efforts to limit the spread of COVID-19 will not only prevent illness, but they will also reduce the pandemic’s potential to overwhelm critical health care resources.

This advisory provides guidance for health care providers in responding to the COVID-19 pandemic.  Our best practices for all employers can be found here and here, and all businesses should visit our Coronavirus Resource Center.

The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 (the Act), signed by the President on Friday, March 6, provides $8.3 billion in much needed multi-year funds to battle the coronavirus public health crisis. While there are many important aspects of the Act, below we focus on the Act’s grants for construction, alteration, or renovation of non-federally owned facilities.

State and Local Level Preparedness and Response Capability - The Act allocates $3.1 billion to the Secretary of Health and Human Services (the Secretary) for the Public Health and ...

We encourage our readers to visit Workforce Bulletin, the newest blog from our colleagues at Epstein Becker Green (EBG).

Workforce Bulletin will feature a range of cutting-edge issues—such as sexual harassment, diversity and inclusion, pay equity, artificial intelligence in the workplace, cybersecurity, and the impact of the coronavirus outbreak on human resources—that are of concern to employers across all industries. EBG's full announcement is here.

Click here to subscribe for email notifications—you’ll receive a confirmation email to click.

(And if you haven't ...

In a recent blog post, colleagues in our Employment, Labor & Workforce Management practice addressed the legal framework pertaining to coronavirus (COVID-19) risks in the workplace.  As the number of cases continues to the climb in the U.S., it is imperative that HIPAA covered entities and their business associates are aware of their privacy and security responsibilities in the midst of this public health emergency.  EBG provides this guidance on how to effectively respond to the coronavirus public health crisis while navigating patient privacy issues.

Congress is working to advance a strong emergency funding supplemental package, estimated to be between $2.5 billion and $8.5 billion, to fully address the scale and seriousness of the coronavirus (COVID-19) public health crisis. Working against a timeline to pass a funding package prior to the March 13, 2020, Congressional recess, the supplemental funding for the coronavirus emergency will result in new government contracts, grants, GSA schedule awards, as well as contract modifications. Because of the public health crisis, the government may also issue letter contracts under FAR Part 16.603, et seq., which allows the government to immediately contract for services or supplies with contract definitization at a later date.

As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019.  A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019.  The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.

Delaware is reminding its employers that a safe, drug-free workplace can pay.  On February 1, the state’s Department of Insurance (the “Department”) amended its regulations to emphasize the availability of workers’ compensation insurance discounts of up to 19 percent for employers who participate in the Delaware Workplace Safety Program (the “Program”), and who implement a drug-free workplace program at their worksites.  The amended regulations took effect on February 11, 2020.

The Workplace Safety Program

First implemented in 1989, the Program offers an ...

On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) rule relating to the third-party requests for patient records. In Ciox Health, LLC v. Azar,[1] the court invalidated the 2013 Omnibus Rule’s mandate that all protected health information (“PHI”) maintained in any format (not just that in the electronic health record) by a covered entity be delivered to third parties at the request of an individual, as well as the 2016 limitation on fees that can be charged to third parties for copies of protected health information (“PHI”).

As enacted, HIPAA’s Privacy Rule limits what covered entities (or business associates acting on behalf of covered entities)[2] may charge an “individual” requesting a copy of their medical record to a “reasonable, cost-based fee”[3] (the “Patient Rate”). The Privacy Rule did not, however, place limitations on the fees that can be charged to other requestors of this information, such as other covered entities that need copies of the records for treatment purposes or for disclosures to attorneys or other third parties.  In order for some of these third parties to obtain the records, the patient would have to provide the covered entity with a valid HIPAA authorization.  

We have written extensively on mandatory vaccination policies and employers’ obligations to accommodate requests for exemption based on religious or disability grounds.  The Fifth Circuit Court of Appeals has issued a recent decision that provides helpful guidance to employers who mandate vaccinations.  In Horvath v. City of Leander, No. 18-51011 (5^th Cir. Jan. 9, 2020), the Fifth Circuit held that the defendant City of Leander did not violate a firefighter’s religious freedom when it discharged the firefighter after he refused to choose either of two accommodations to the ...