Health Care Law Blog

Have you heard? Gov. Snyder signed four bills significantly changing the procedure for investigating and disciplining licensed health professionals under the Public Health Code on April 3. The four statutes take effect on July 1, 2014.

These important changes make it even more crucial for a health professional to consult with legal counsel experienced with the disciplinary process whenever he or she is contacted by the Bureau of Health Care Services (BHCS). 

Learn more about the changes. Read the article here. 

As health care providers continue to increase their use of technology, they are asked more and more frequently to enter into software or other IT contracts.  While many health care providers sign these agreements without reviewing them, doing so can create unwanted liability and unexpected problems. 

These issues were the topic of a recent State Bar of Michigan Health Care Law Section Webinar entitled “Software Licenses: What You Don’t Know Can Hurt You.” Sam Frederick from Foster Swift was a featured speaker.  His presentation discussed important revisions that should be made to software provisions, as well as the consequences for relying on certain boilerplate provisions. In addition, health care providers must require that their software vendors with access to protected health information sign Business Associate Agreements.  While many software agreements have business associate-like provisions included in them, they often do not meet all of the required elements under HIPAA.  This exposes the health care provider to liability.

In summary, health care providers should have their attorney review any software or IT contracts presented to them and require that their vendors execute Business Associate Agreements.  For assistance with this matters, please contact Sam Frederick at (517) 371-8103 or sfrederick@fosterswift.com 

The Patient Protection and Affordable Care Act requires that certain health insurance providers pay an annual fee based on the net premiums they wrote during the preceding calendar year. The providers required to pay this fee include health insurance issuers; health maintenance organizations; certain insurance companies; insurers providing Medicare Advantage, Medicare Part D, or Medicaid coverage; and multiple employer welfare arrangements.

In order to calculate the fees, the Internal Revenue Service (“IRS”) must obtain information related to the amount of net premiums written by each health insurance provider. This is accomplished through IRS Form 8963 (Report of Health Insurance Provider Information). Health insurance providers are required to submit Form 8963 to the IRS by April 15 of each year.

Maybe you have determined you're a Business Associate (or a subcontractor of a Business Associate) or maybe you’re a Covered Entity for purposes of HIPAA and have not gotten around to conducting or updating your risk assessment. Now is the time to do it.

HIPAA requires that Covered Entities, Business Associates, and subcontractors of Business Associates “[i]mplement policies and procedures to prevent, detect, contain, and correct security violations.” (45 CFR § 164.308(a)(1)). In order to fulfill these requirements, all entities subject to HIPAA’s Security Rule must run a risk assessment. A risk assessment is a “thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information.” In the past, some of the largest penalties have been assessed against entities that had failed to conduct a proper risk assessment and subsequently experienced a breach.