DGS Health Law Blog : Denver Health Care Lawyers & Attorneys : Davis Graham & Stubbs Law Firm : HIPAA & Patient Privacy : Colorado, Rocky Mountain West

Will health care providers be the second profession to escape the Federal Trade Commission's (FTC) Red Flags Rule?  The heads of the American Dental Association, the American Medical Association, the American Osteopathic Association, and the American Veterinary Medical Association hope so, and they're asking the FTC to declare that its identity theft prevention rule (Red Flags Rule or Rule) does not apply to their licensed professionals.

In light of the November 2009 United States District Court decision in American Bar Association v. FTC, which held that the Red Flags Rule did not apply to legal professionals, the healthcare organizations issued a joint letter to the FTC requesting the same treatment.

The healthcare organizations specifically requested that the FTC:  (1) Announce that the Rule will not be applied to licensed health care professionals until at least ninety days after the final resolution of the ABA litigation and (2) Commit that if the result of the final ABA litigation is that the Red Flags Rule will not be applied to lawyers, the FTC will not apply the Rule to licensed health care professionals either.

The letter noted the substantial cost and burdens on healthcare professionals in complying with the Rule and stated that if lawyers were exempt from the Rule it would be "manifestly unfair" to subject healthcare professionals it.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Let the age of HIPAA lawsuits begin.  Yesterday, the Connecticut Attorney General sued Health Net of Connecticut, Inc. for a security breach involving patient medical and financial records.  This is the first state enforcement action against a covered entity for a HIPAA violation since HITECH extended enforcement ability to the state attorneys general.  It serves as a good reminder that covered entities and business associates need to have breach notification policies in place and comply with those policies in the event of a security breach. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The good news is that the government has released the proposed regulations on meaningful use and interim final rule setting forth the standards and certification criteria for EHR technology.  The bad news is that these tomes combined are 692 pages.  CMS has issued fact sheets summarizing the regulations, including an overview of the phased-in approach to the criteria that will be applied to define "meaningful use."  Dr. David Blumethal, the National Coordinator for Health Information Technology at the U.S. Department of Health & Human Services, wrote a guest column for the Wisconsin Technology Network stating that "Great care was taken in the development of these criteria."  Nevertheless, one can't help but to wonder - if it takes over 500 pages to explain meaningful use . . . where are we headed?  The public comment period will last for 60 days, that is, if you can finish reading the proposed regulations by then!

• Email This
• Print
• Comments
• Trackbacks
• Share Link