Health Law Advisor

The Coronavirus Preparedness and Response Supplemental Appropriations Act, 2020 (the Act), signed by the President on Friday, March 6, provides $8.3 billion in much needed multi-year funds to battle the coronavirus public health crisis. While there are many important aspects of the Act, below we focus on the Act’s grants for construction, alteration, or renovation of non-federally owned facilities.

State and Local Level Preparedness and Response Capability - The Act allocates $3.1 billion to the Secretary of Health and Human Services (the Secretary) for the Public Health and ...

We encourage our readers to visit Workforce Bulletin, the newest blog from our colleagues at Epstein Becker Green (EBG).

Workforce Bulletin will feature a range of cutting-edge issues—such as sexual harassment, diversity and inclusion, pay equity, artificial intelligence in the workplace, cybersecurity, and the impact of the coronavirus outbreak on human resources—that are of concern to employers across all industries. EBG's full announcement is here.

Click here to subscribe for email notifications—you’ll receive a confirmation email to click.

(And if you haven't ...

In a recent blog post, colleagues in our Employment, Labor & Workforce Management practice addressed the legal framework pertaining to coronavirus (COVID-19) risks in the workplace.  As the number of cases continues to the climb in the U.S., it is imperative that HIPAA covered entities and their business associates are aware of their privacy and security responsibilities in the midst of this public health emergency.  EBG provides this guidance on how to effectively respond to the coronavirus public health crisis while navigating patient privacy issues.

Congress is working to advance a strong emergency funding supplemental package, estimated to be between $2.5 billion and $8.5 billion, to fully address the scale and seriousness of the coronavirus (COVID-19) public health crisis. Working against a timeline to pass a funding package prior to the March 13, 2020, Congressional recess, the supplemental funding for the coronavirus emergency will result in new government contracts, grants, GSA schedule awards, as well as contract modifications. Because of the public health crisis, the government may also issue letter contracts under FAR Part 16.603, et seq., which allows the government to immediately contract for services or supplies with contract definitization at a later date.

As discussed in an earlier blog post, the New York state Stop Hacks and Improve Electronic Data Security Act (or “SHIELD Act”), was signed into law on July 25, 2019.  A potential unintended side effect of the SHIELD Act may require health care companies to provide notification to the NY Attorney General for events that occurred well before its enforcement date. While the SHIELD Act’s data security requirements, which are covered under §4, will not come into effect until March 21, 2020, all other requirements, including the breach notification requirement, became effective on October 23, 2019.  The notification enforcement date is important for any Covered Entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), that has suffered a Breach, as defined by HIPAA, involving fewer than 500 individuals (“Minor HHS Breach”), was a breach of computerized data, and involved a New York resident.

Delaware is reminding its employers that a safe, drug-free workplace can pay.  On February 1, the state’s Department of Insurance (the “Department”) amended its regulations to emphasize the availability of workers’ compensation insurance discounts of up to 19 percent for employers who participate in the Delaware Workplace Safety Program (the “Program”), and who implement a drug-free workplace program at their worksites.  The amended regulations took effect on February 11, 2020.

The Workplace Safety Program

First implemented in 1989, the Program offers an ...

On January 28, 2020, the Department of Health & Human Services (“HHS”) Office for Civil Rights (“OCR”) addressed a federal court’s January 23rd invalidation of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) rule relating to the third-party requests for patient records. In Ciox Health, LLC v. Azar,[1] the court invalidated the 2013 Omnibus Rule’s mandate that all protected health information (“PHI”) maintained in any format (not just that in the electronic health record) by a covered entity be delivered to third parties at the request of an individual, as well as the 2016 limitation on fees that can be charged to third parties for copies of protected health information (“PHI”).

As enacted, HIPAA’s Privacy Rule limits what covered entities (or business associates acting on behalf of covered entities)[2] may charge an “individual” requesting a copy of their medical record to a “reasonable, cost-based fee”[3] (the “Patient Rate”). The Privacy Rule did not, however, place limitations on the fees that can be charged to other requestors of this information, such as other covered entities that need copies of the records for treatment purposes or for disclosures to attorneys or other third parties.  In order for some of these third parties to obtain the records, the patient would have to provide the covered entity with a valid HIPAA authorization.  

We have written extensively on mandatory vaccination policies and employers’ obligations to accommodate requests for exemption based on religious or disability grounds.  The Fifth Circuit Court of Appeals has issued a recent decision that provides helpful guidance to employers who mandate vaccinations.  In Horvath v. City of Leander, No. 18-51011 (5^th Cir. Jan. 9, 2020), the Fifth Circuit held that the defendant City of Leander did not violate a firefighter’s religious freedom when it discharged the firefighter after he refused to choose either of two accommodations to the ...

January 28th marks Data Privacy Day which commemorates the signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.  This international treaty is the first of its kind to address privacy and data protection.

Strong privacy and cybersecurity safeguards are paramount to the success of companies and the consumers they serve.  These issues are so critical they took center stage at the annual Consumer Technology Association’s Consumer Electronics Show (CES) held earlier this month where tech companies of all sizes promoted ...

Sponsors of health plans have long known that the only constant in life is change. In 2020, that is surely to remain true.

Ding-Dong! The Cadillac Tax Is Dead!

On December 20, 2019, as part of the year-end appropriations bill, the Affordable Care Act’s (ACA) so-called 40% “Cadillac Tax” on high-cost health plans was finally, after much lobbying and other efforts by sponsors and health care payers, put to an end with a full repeal. The “Cadillac Tax” was currently scheduled to take effect in 2022 (after two delays), and would have taxed employer-sponsored plans worth more than ...