As health care providers continue to increase their use of technology, they are asked more and more frequently to enter into software or other IT contracts. While many health care providers sign these agreements without reviewing them, doing so can create unwanted liability and unexpected problems.
These issues were the topic of a recent State Bar of Michigan Health Care Law Section Webinar entitled “Software Licenses: What You Don’t Know Can Hurt You.” Sam Frederick from Foster Swift was a featured speaker. His presentation discussed important revisions that should be made to software provisions, as well as the consequences for relying on certain boilerplate provisions. In addition, health care providers must require that their software vendors with access to protected health information sign Business Associate Agreements. While many software agreements have business associate-like provisions included in them, they often do not meet all of the required elements under HIPAA. This exposes the health care provider to liability.
In summary, health care providers should have their attorney review any software or IT contracts presented to them and require that their vendors execute Business Associate Agreements. For assistance with this matters, please contact Sam Frederick at (517) 371-8103 or email@example.com
The Patient Protection and Affordable Care Act requires that certain health insurance providers pay an annual fee based on the net premiums they wrote during the preceding calendar year. The providers required to pay this fee include health insurance issuers; health maintenance organizations; certain insurance companies; insurers providing Medicare Advantage, Medicare Part D, or Medicaid coverage; and multiple employer welfare arrangements.
In order to calculate the fees, the Internal Revenue Service (“IRS”) must obtain information related to the amount of net premiums written by each health insurance provider. This is accomplished through IRS Form 8963 (Report of Health Insurance Provider Information). Health insurance providers are required to submit Form 8963 to the IRS by April 15 of each year. Read More ›
Maybe you have determined you're a Business Associate (or a subcontractor of a Business Associate) or maybe you’re a Covered Entity for purposes of HIPAA and have not gotten around to conducting or updating your risk assessment. Now is the time to do it.
HIPAA requires that Covered Entities, Business Associates, and subcontractors of Business Associates “[i]mplement policies and procedures to prevent, detect, contain, and correct security violations.” (45 CFR § 164.308(a)(1)). In order to fulfill these requirements, all entities subject to HIPAA’s Security Rule must run a risk assessment. A risk assessment is a “thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information.” In the past, some of the largest penalties have been assessed against entities that had failed to conduct a proper risk assessment and subsequently experienced a breach. Read More ›
Is it the end of the Michigan Marriage Amendment?
In the court case Deboer v Snyder, a federal court judge ruled that the voter-approved Michigan Marriage Amendment prohibiting same-sex couples from marrying in Michigan was unconstitutional. However, the Sixth Circuit Court of Appeals stayed the federal trial court ruling in Deboer v Snyder as the State of Michigan prepares to appeal the decision.
So what does this mean for health care insurers? This means that the Michigan Marriage Amendment banning same-sex marriage remains the law in Michigan until the Sixth Circuit decides the State of Michigan's appeal of the Deboer ruling. However, insurers will want to keep an eye on this case to determine if they should offer same-sex health insurance benefits or change their definitions of spouse under their plans.
For information on what this ruling would mean for employers, see this article by Foster Swift.
As hospitals and doctors across the country become more technologically sophisticated and use more and more medical devices that are connected to the Internet in some fashion, they are increasingly being attacked and compromised by sophisticated cyberattacks. Attacks on US hospitals’ medical data – which put patient records and personal information at risk – have more than doubled since 2010, according to a new study by the Ponemon Institute.
In its report, the Ponemon Institute states that 90 percent of health care institution respondents had at least one data breach in the last two years, while 38 percent had more than five data breaches during that same time period. While many of these breaches stemmed from lost or stolen computers, technical glitches, and third-party problems, several were due to criminal attacks. Read More ›
Foster Swift health care attorneys are getting ready to attend the 20th Annual Health Law Institute March 6 and 7. The Institute provides attorneys with the opportunity to learn about the most recent statutory, regulatory, and case law developments in the health care industry. Co-sponsored by the Health Care Law Section of the State Bar of Michigan, this educational opportunity offers a range of presentations from numerous leaders in the health care legal community. Read More ›
On Feb. 4, 2014, new legislation took effect amending Michigan's Do-Not-Resuscitate Procedure Act (the "Act").The Act allows a guardian, who has the power under Michigan’s guardianship laws, to consent to a do-not-resuscitate order (“DNR Order”) on behalf of a legally incapacitated person under certain conditions. This power does not extend to a guardian ad litem.
In 1996, Michigan passed the Act, which permits a competent adult or his or her patient advocate to sign a DNR Order instructing emergency personnel not to perform potentially life-saving procedures in the event of the cessation of respiration and circulation. However, the Act did not give express authority to a guardian acting on behalf of an individual to authorize a DNR Order. Read More ›
Any disciplinary sanction against a health professional’s license can have serious collateral consequences, such as termination from provider networks, loss of malpractice insurance or substantially increased rates, medical staff investigations and proceedings, adverse employment actions, and reports to the National Practitioner Data Bank. A recent Michigan Court of Appeals decision highlights an added risk that many health professionals and their attorneys may not have known. A relatively minor licensing sanction was used, with devastating effect, as evidence in an unrelated malpractice action.
A dentist was sued for malpractice following a root canal procedure in Holder v Schwarcz. The jury awarded $67,500 in damages and the trial court granted $151,555 in case evaluation sanctions. The dentist had been involved in an unrelated licensing investigation relating to root canals for another patient. The licensing action was resolved through a consent order. In a consent order, a health professional does not admit any allegations in the licensing complaint, but agrees that the board’s disciplinary subcommittee may treat them as true and enter a sanction for violating the Public Health Code. The sanction imposed against the dentist in the licensing action included probation for one year, a requirement for ten hours of continuing education, and a $5,000 fine. The sanction was fairly typical for a licensing case alleging negligent care. Read More ›
On Feb. 12, 2014, the U.S. Department of Treasury and the Internal Revenue Service published final rules (the “Final Rules”) related to the Employer Shared Responsibility provisions of the Patient Protection and Affordable Care Act (“PPACA”). The Employer Shared Responsibility provisions, referred to as the “Employer Mandate,” generally require certain employers to offer minimum essential health care coverage to their full-time employees or face penalties. The Employer Mandate was originally scheduled to become effective on Jan. 1, 2014 but was delayed until Jan. 1, 2015.
The Final Rules include a second delay of the Employer Mandate. They provide that employers who employ 50 – 99 full time equivalent employees will not be required to comply with the Employer Mandate until Jan. 1, 2016. Additionally, those employers who employ 100 or more full time equivalent employees must offer minimum essential coverage to only 70 percent of those full time employees by Jan. 1, 2015 (as opposed to the 95 percent coverage requirement under the previous regulations). Those employers employing 100 or more full time employees will be required to offer coverage to 95 percent of all full time employees by Jan. 1, 2016. The chart below summarizes the basic details concerning this delay. Read More ›
On Jan. 2, 2014, the Department of Health and Human Services (“HHS”) issued a proposed rule related to the Administrative Simplification requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Specifically, it delayed the date by which health plans must certify compliance with certain operating rules imposed by the Affordable Care Act (“ACA”).
The ACA required the Secretary of HHS to adopt operating rules related to claims status, eligibility, electronic funds transfers ("EFT") and health care payment and remittance advice transactions ("ERA"). Health plans (and other covered entities) were required to comply with the claims status and eligibility operating rules by Jan. 1, 2013 and the EFT and ERA operating rules by Jan. 1, 2014. Additionally, health plans were required to file a statement with HHS certifying that the health plan is in compliance with the operating rules. This certification statement was due by Dec. 31, 2013. Read More ›