Author: Margaret Young Levi

Administrative Law Judge Dismisses FTC Complaint Against LabMD

Margaret Young Levi Federal Law Resources , , ,

electronic health recordOn November 13, 2015, the Chief Administrative Law Judge (ALJ) for the Federal Trade Commission (FTC) issued an Initial Decision dismissing the FTC’s Complaint against LabMD, Inc. for lack of evidence. The FTC originally issued this Complaint against LabMD in 2013, alleging that the clinical testing laboratory failed to provide “reasonable and appropriate” security for personal information maintained on LabMD’s computer networks and that this conduct “caused or is likely to cause” substantial consumer injury.

Continue reading

Recent OIG Studies Recommend Tighter Enforcement of the Privacy and Security Rules

Margaret Young Levi Federal Law Resources , , , , , ,

The U.S. Department for Health & Human Services’ Office of Inspector General (OIG) has conducted two recent studies calling for tighter enforcement of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act (HIPAA).

OCR Should Strengthen Its Oversight of Covered Entities’
Compliance With the HIPAA Privacy Standards

In the first study, the OIG recommends that the Office of Civil Rights (OCR), the government agency responsible for enforcing covered entities’ compliance with the HIPAA Privacy Standards, should strengthen its oversight of these privacy standards. The OIG reviewed a statistical sample of privacy cases investigated by the OCR from September 2009 through March 2011, surveyed and interviewed OCR staff, reviewed the OCR’s investigation policies, and surveyed providers’ compliance with five selected privacy standards.

Based upon this review, the OIG concluded that OCR should strengthen its oversight of covered entities’ compliance with the Privacy Rule. It criticized the OCR’s oversight as “primarily reactive” and suggested they be more Continue reading

Stages 1, 2, And Now 3, Meaningful Use Criteria

Margaret Young Levi Electronic Health Records, Health Information Technology, HITECH Law, Meaningful Use , , , , , , , ,

The Centers for Medicare & Medicaid Services (“CMS”) proposed Meaningful Use criteria to implement Stage 3 and allow eligible professionals, eligible hospitals and critical access hospitals (“CAHs”) to qualify for incentive payments (or avoid downward payment adjustments) under the Medicare and Medicaid Electronic Health Record (EHR) Incentive Program implemented by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009. stethoscope, keyboardThen CMS made changes to Stage 1 and Stage 2 Meaningful Use criteria to better align with the proposed Stage 3 criteria just two weeks later.

On March 30, 2015, CMS published a long-awaited proposed rule which, if finalized, would implement Stage 3, making changes to the objectives and measures of meaningful use for providers effective in Continue reading

April 1 Deadline for Hospitals to Earn EHR Incentives

Margaret Young Levi Electronic Health Records, Health Information Technology, Hospital EHR Incentives , , , , ,

The Centers for Medicare & Medicaid Services (CMS) reminds hospitals that 2015 is the last year for eligible hospitals to begin participating in the Medicare Electronic Health Record (EHR) Incentive Program and earn incentive payments.

In order to earn a 2015 incentive payment, be eligible for a 2016 incentive payment, and avoid a 2016 payment reduction (called an “adjustment”), first-time hospital participants should:

  • Begin their 90-day reporting period no later than April 1, 2015 and
  • Attest by July 1, 2015.

Eligible hospitals that do not start their 90-day reporting period on April 1, 2015 have one last chance to earn a 2015 incentive payment if they begin their reporting period by July 1, 2015 and attest by Continue reading

FTC Releases Report and Practical Advice on the Internet of Things

Margaret Young Levi FTC Enforcement, Privacy & Security , , , , , , , , ,

On January 27, 2015, the Federal Trade Commission (FTC) released a staff report entitled “Internet of Things: Privacy & Security in a Connected World.” This report suggests steps businesses can take to protect consumers’ privacy and security as they use objects that connect and send data to the Internet.

InternetOfThings-01The FTC Staff Report defines the Internet of Things (IoT) as “the ability of everyday objects to connect to the Internet and to send and receive data.” Examples of such objects are bracelets that track fitness activities and share the data with friends, cameras that post pictures online, RFID tags to monitor inventory, and home automation systems to monitor lights, temperature and security and report to homeowners when they are away. In health care, such objects include medical devices that monitor vital signs and other patient data, such as insulin pumps and blood pressure cuffs, and then share this data with physicians and caregivers. Basically, the IoT is “essentially any other Internet-connected device that isn’t a mobile phone, tablet, or traditional computer.”

The number of “things” connected to the Internet is greater than the number of people, and, as of this year, there will be 25 billion devices connected to the Internet. But this increased connectivity comes with increased privacy and security risks. First, financial and personal data stored on these devices can be stolen. Second, when the objects are connected to a network, security vulnerabilities in the objects may Continue reading