Earlier this year, a federally qualified health center, Metro Community Provider Network (“MCPN”) paid a $400,000 HIPAA breach penalty related to a 2011 phishing attack. In this attack, several MCPN employees had their email accounts hacked by a phisher who was able to gain access to about 3,200 individuals’ PHI.
In this third installment of NLG posts summarizing the new Virginia assisted living regulations, we cover notable changes to requirements for Electronic Records and eSignatures, Incident Reporting, and Reports of Abuse, Neglect, or Exploitation. These regulations are scheduled to take effect February 1, 2018, so keep checking back for THE LATEST from Nixon Law Group!
This is the second NLG summary in our series on the revisions to Virginia’s Standards for Licensed Assisted Living Facilities, scheduled to take effect February 1, 2018. The new regulations include changes to the timing for submitting incident reports, a new section addressing electronic records and electronic signatures, substantial revisions to requirements for infection control programs, and changes to the required content of the Disclosure Statement and admission agreements. This summary focuses on changes to Infection Control regulations.
Final regulations that comprehensively revise Virginia’s Standards for Licensed Assisted Living Facilities are scheduled to take effect February 1, 2018. The new regulations include changes to the timing for submitting incident reports, a new section addressing electronic records and electronic signatures, substantial revisions to requirements for infection control programs, and changes to the required content of the Disclosure Statement and admission agreements. This is the first in a series of summaries on key changes under the new assisted living regulations, so stay tuned!
The U.S. Food and Drug Administration is currently accepting requests from medical software developers to participate in a precertification pilot program that is scheduled to begin September 1, 2017. The program is aimed at developing precertification criteria for software companies that would allow approved companies to engage in a streamlined premarket review process for certain digital health products. The FDA will accept up to nine participants for the pilot program, which the Agency says will include both large, established software developers and small startup companies.
Last week, CMS issued a Proposed Rule suggesting changes for Year 2 of the Quality Payment Program ("QPP"), established under the Medicare Access and CHIP Reauthorization Act of 2015. The changes are aimed at reducing administrative and financial burdens of the QPP on physician practices, particularly small independent practices and practices serving rural communities. Per CMS, the Proposed Rule "continues the slow ramp-up of the Quality Payment Program by establishing special policies for Program Year 2 aimed at encouraging successful participation in the program while reducing burden, reducing the number of clinicians required to participate, and preparing clinicians for the CY 2019 performance period."
Healthcare providers are highly sensitive to the risks introduced by recordings in the workplace—not the least of which are potential violations of federal and state laws regarding the privacy of their patients and residents. We have often advised our healthcare clients to enact restrictions on recordings that could introduce unnecessary risk, but a National Labor Relations Board (NLRB) decision, recently upheld by the U.S. Court of Appeals for the Second Circuit, indicates that those same restrictions on recordings might, in and of themselves, introduce compliance risk. In its decision, the NLRB had to determine whether no-recording policies maintained by employer Whole Foods were overly broad by prohibiting all recordings by Whole Foods employees without prior management approval. The NLRB’s position seems clear: Policies reasonably read as prohibiting all employee workplace recordings violate the National Labor Relations Act.
Caitlin Riccobono, Esq., Counsel at Nixon Law Group, develops these routine “Partners Pointers” for the Virginia-based healthcare organization Partners in Healthcare.
Topic: Business Associates of Business Associates
I was asked to address two main questions regarding a Business Associate that is a subcontractor of another Business Associate (we will call this a “Sub-BA”). First, to what extent is a Sub-BA permitted access to PHI? Second, what are the Sub-BA’s obligations with respect to safeguarding PHI?
On May 31, 2017, the U.S. Department of Justice announced that electronic health records (EHR) vendor eClinicalWorks (ECW), along with certain individual officers and employees, have agreed to pay a total of $155 million to settle a lawsuit under the False Claims Act (FCA). In its Complaint-in- Intervention, the government alleged ECW falsified compliance with certification requirements for EHR under the Meaningful Use program. The programming shortcuts ECW allegedly took in developing its software, along with inadequate post-market support and patches, could expose providers to increased risk of errors and jeopardize patient care. If you or your practice uses the eClinicalWorks software, you should be aware of ECW’s obligations and your rights under the Corporate Integrity Agreement (CIA).
VIRGINIA, June 5, 2017/Nixon Law Group, PLLC/- Nixon Law Group, a Virginia-based boutique law firm representing clients in the healthcare industry exclusively, begins Summer 2017 by welcoming Caitlin Riccobono, Esq. as Counsel with the firm. Cait will be based in Nixon Law Group’s Richmond office. Prior to beginning her career as a healthcare lawyer, Cait spent five years in skilled nursing/long-term care facilities as a social worker.