Although the Illinois Biometric Information Privacy Act has been on the books for almost 10 years, a recent surge in lawsuits has likely been brought on by developments in biometric scanning technology and its increased use in the workplace. At least 32 class action lawsuits have been filed in recent months by Illinois residents in state court challenging the collection, use and storage of biometric data by companies in the state. This could potentially cause a reevaluation of company strategies and development of new defenses in the use of advancing biometric technology.

Read “To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law.”

In September, the Office of the National Coordinator for Health Information Technology (ONC) announced that it is scaling back requirements for third-party certification of criteria related to certified electronic health record (EHR) technology (CEHRT). Going forward, ONC will allow health developers to self-declare their products’ conformance with 30 of the 55 certification criteria.

ONC will also exercise discretion and not enforce the requirement that certification bodies conduct randomized surveillance of two percent of the health IT certifications they issue.

Read “ONC’s De-Regulatory Announcement Aims at Enticing Industry to Adopt 2015 Edition Criteria.”

Copyright 2017, American Health Lawyers Association, Washington, DC. Reprint permission granted.

President Trump declared the opioid addiction epidemic a public health emergency yesterday. The White House made it clear that this declaration would allow officials to remove barriers to the prescribing of controlled substances via telemedicine, which would permit DEA registered providers to prescribe anti-addiction medications, such as Naloxone, to patients in need without first performing an in-person exam.

As background, the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (the Haight Act) requires a telemedicine provider who is prescribing a controlled substance to a patient to perform an in-person medical evaluation of the patient prior to prescribing a controlled substance, unless one of the narrow telemedicine exceptions set forth in the Haight Act applies. Additional information on the Ryan Haight Act and the implications of this declaration can be found here.

There are many important questions remaining to be answered, including whether any funding will be available to support the implementation of this declaration and whether the declaration will be renewed upon its expiration in 90 days. The answers to these questions are important to healthcare providers who will need to invest resources and time into developing telemedicine programs to reach more substance use disorder patients, which may take longer than 90 days to implement.

The Senate’s unanimous passage of the Creating High-Quality Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act of 2017 (S.870) on September 26th is an encouraging step forward for modernizing telehealth access and reimbursement. The bipartisan, budget-neutral bill aims to improve health outcomes for Medicare beneficiaries living with chronic conditions and includes key provisions expanding access to telehealth. A summary of the key telehealth provisions under the CHRONIC Care Act can be found here.

The bill now moves to the House Subcommittee on Health and may be adopted in its current form or integrated into existing House bills. The House has already advanced three separate bills this year with telehealth provisions similar to those included in the CHRONIC Care Act: expanding telehealth services under Medicare Advantage (HR 3727), expanding telehealth for stroke patients (HR 1148), and expanding the use of telehealth to facilitate the use of home dialysis (HR 3178). With seemingly aligned goals between the two chambers, the House may accept the remaining provisions of the CHRONIC Care Act, or negotiate minor changes and incorporate the CHRONIC Care Act into another priority health care related bill, such as extending federal funding for the Children’s Health Insurance Program, as a vehicle for passage this calendar year.

The recent momentum of federal legislation focused on expanding telehealth services to Medicare beneficiaries signals Congress’ continued consideration of telehealth’s ability to improve patient health and lower the costs of health care delivery. In light of this increased legislative activity, health care providers, commercial payers and telehealth technology companies should be mindful of the following.

  • Consider developing or participating in studies designed to test the efficacy and efficiency (including costs) of telemedicine programs.
  • Continue exploring ways to tailor their care delivery and revenue models to provide telehealth services to Medicare beneficiaries.
  • Offer Center for Medicare and Medicaid Services (CMS) and MedPAC insights and guidance on ways to provide the Federal government agencies overseeing Medicare coverage and payment for telehealth services the best available industry information.
  • Focus operational goals to achieve cost and value goals that are of concern to the government.

On September 29, the Federal Trade Commission (FTC) formally announced a December 12th workshop on informational injury—the injury a consumer suffers when information about them is misused. The workshop will address questions such as, how to characterize and measure such injury and what factors businesses and consumers should consider the benefits and risks of collecting, using and providing personal information so as to gain further perspective for how the FTC should apply its legal framework for privacy and security enforcement under 15 USC § 45 (Section 5). In her September 19th remarks to the Federal Communications Bar Association, Commissioner Maureen Ohlhausen, the Acting Chairman of the FTC, metaphorically characterized the workshop’s purpose as providing the next brushstrokes on the unfinished enforcement landscape the FTC is painting on its legal framework canvas. The full list of specific questions to be addressed may be accessed here.

Background. The FTC views itself as the primary US enforcer of data privacy and security, a role it recently assumed. While the FTC’s enforcement against practices causing informational injury through administrative proceedings goes back as far as 2002, its ability to pursue corporate liability for data security and privacy practices under its Section 5 “unfair or deceptive trade practices” jurisdiction was only ratified in 2015 by the US Court of Appeals for the Third Circuit in FTC v. Wyndham Worldwide Corporation. The FTC has actively invoked its enforcement authority but, in doing so, has been selective in determining which consumer informational injuries to pursue by questioning the strength of evidence connecting problematic practices with the injury, examining the magnitude of the injury and inquiring as to whether the injury is imminent or has been realized. Continue Reading Upcoming FTC Workshop on Informational Harm | Next Brushstrokes on the FTC’s Consumer Privacy and Security Enforcement Canvas

On July 31, 2017, President Donald Trump’s Commission on Combating Drug Addiction and the Opioid Crisis recommended that he declare the opioid epidemic a national emergency. In August 2017 and again on October 16, 2017, the president indicated he would declare the opioid crisis a national emergency. While it is apparent that the nation is suffering a drug overdose and opioid-specific crisis, the question remains as to what effect such a declaration would have on combatting the crisis.

The president’s powers to declare a national emergency arise from the Stafford Act, and once a national emergency is declared, it enables 1) access to US Department of Homeland Security ‒ Federal Emergency Management Agency (FEMA) funding, with states able to request grants for the specific purposes of treating opioid addiction; 2) the ability to re-appropriate federal agency workers, such as those employed by the agencies under the US Department of Health and Human Services (HHS) umbrella, to specifically research and treat opioid addiction; and 3) waiver of federal Medicaid regulations to provide additional aid to beneficiaries, ensuring sufficient health care items and services are available to meet the needs of beneficiaries. Such a declaration would undoubtedly open up both federal and state governments to formulate a comprehensive, unified strategy to combat the opioid epidemic sweeping the nation. Continue Reading The Opioid Crisis: Declaring a National Emergency and the Effect on Remote Prescribing through Telemedicine

Following the first enforcement actions by local authorities in Shantou and Chongqing for violations of the new Network Security Law that came into effect this year, authorities in China have recently shown a clear initial focus with several new cases targeting provisions of the law that require monitoring of platform content. As of the start of October 2017, enforcement actions by authorities in China have targeted platform content violations in nearly 70 percent of all actions under the new provisions of the data protection rules.

 

Continue Reading China Data Protection Enforcement Update – A Focus on Platform Content

The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court judgment stating that there are “well founded grounds” to find the Model Clauses invalid. The issue of Model Clauses as a legitimate data transfer mechanism will now be adjudicated by the European Court of Justice (ECJ), the same court that previously overturned the Safe Harbor arrangement. EU and US companies will need to consider various strategies in anticipation of this decision.

Continue Reading

A recent article in Kaiser Health News highlights the health risks associated with the increased effort to get patients home—namely, the need for families to gain and effectively deploy the skills needed to care for themselves and family members. The article highlights the risks (and increased rates) of infections, particularly in relation to catheters. However, it does not take much imagination to identify other conditions where at home care is critical.

Concise and easy to follow instructions are key, of course, but information technology can play a role here as well. While the business plan for this type of digital health strategy may not be as clear as others, this is the type of sector that could demonstrate the digital health opportunity in the effort to increase value in health care delivery.