Interest in and acceptance of telehealth services continues to grow. Recent events, like the COVID-19 pandemic and the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, have put more pressure than ever on federal and state legislators to promote access to telehealth services.

However, the greater use of telehealth services also increases the potential for fraudulent behavior and enforcement activity. Providers should continue to monitor developments in federal and state laws, regulations, and policies to capitalize on telehealth opportunities while staying compliant with applicable laws.

Since 2016, Epstein Becker Green has researched, compiled, and analyzed state-specific content relating to the regulatory requirements for professional mental/behavioral health practitioners and stakeholders seeking to provide telehealth-focused services. We are pleased to release our latest compilation of state telehealth laws, regulations, and policies within the mental/behavioral health practice disciplines.

Continue Reading Just Released: Telemental Health Laws – Download Our Complimentary Survey and App

In this episode of the Diagnosing Health Care Podcast:  What challenges are providers likely to face as the Occupational Safety and Health Administration (OSHA) prepares its permanent COVID-19 standard for health care workers?

Attorneys Denise DadikaBob O’Hara, and Tim Murphy review the provisions of OSHA’s temporary COVID-19 standard for health care workers and what’s expected to change under the permanent rules. They also discuss how the agency’s current enforcement push is impacting health care providers.

Continue Reading Podcast: OSHA’s Permanent COVID-19 Standard and Enforcement Blitz – Diagnosing Health Care

On February 4, 2022, the Centers for Medicare and Medicaid Services (CMS) issued important updated guidance in a memo (QSO-21-08-NLTC) regarding how acute and continuing care facilities—including hospitals, ambulatory surgical centers, end-stage renal disease facilities, home health agencies, and hospices—manage infection control procedures in light of the COVID-19 public health emergency.

Continue Reading CMS Discontinues Prior Guidance on Visitation Restrictions and Rescinds COVID-19 Focus Infection Control Survey Procedures

Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), the agency enforcing the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, obtained two large breach-related settlements: one from a HIPAA Covered Entity and one from a HIPAA Business Associate.  These enforcement actions signal that despite COVID-19 related challenges, organizations continue to face rampant data breaches and ensuing HIPAA enforcement.

On September 25, 2020, OCR settled an investigation into a breach suffered by a large health insurer by obtaining the second-largest resolution payment in HIPAA enforcement history ($6.85 million).  This enforcement action resolved an investigation concerning potential violations of HIPAA Privacy and Security Rules related to a breach affecting the electronic protected health information (ePHI) of more than 10.4 million people.  The breach resulted from a phishing attack that introduced malware into the insurer’s IT systems and allowed unauthorized actors to gain access and remain undetected for nearly nine months.  Similarly on September 23, 2020, a business associate providing IT and health information management services to hospitals and physicians clinics entered a settlement ($2.3 million) with OCR for potential violations of HIPAA Privacy and Security Rules related to a breach affecting over 6 million people.  Essentially, these cyberattacks were advanced persistent threats that compromised the privacy and security of ePHI and PHI and revealed longstanding gaps in the companies’ cybersecurity controls.
Continue Reading Data Breaches and HIPAA Enforcement Remain Endemic Amidst the COVID-19 Pandemic

To address the COVID-19 public health emergency fiscal burdens, Congress authorized and appropriated the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act[1], Public Health and Social Services Emergency Fund (“Relief Fund”) for healthcare providers and facilities. The Department of Health and Human Services (“HHS”) has begun to distribute several tranches of the Relief Funds. All totaled, Congress provided $175 billion to the Public Health and Social Services Emergency Fund (“Relief Fund”) through the CARES Act and the Payroll Protection Program and Health Care Act.[2]

As of May 7, 2020, HHS identified $50 billion for general distribution to Medicare providers. HHS distributed to Medicare providers the Relief Fund’s initial $45 billion tranche in April 2020, and is distributing the Relief Fund’s second $20 billion tranche. Also, HHS allocated Relief Funds to: hospitals in COVID-19 high impact areas ($10 billion); rural providers ($10 billion); Indian Health Services ($400 million), and skilled nursing facilities, dentists, and providers that take solely Medicaid (unidentified amounts).[3]

Continue Reading Appropriate Use of CARES Act Provider Relief Funds