Photo of Lisa Schmitz Mazur

Lisa Schmitz Mazur advises health care providers and technology companies on a variety of legal, regulatory and compliance matters with a particular focus on digital health topics, including telehealth, telemedicine, mobile health and consumer wellness. Lisa advises a variety of health care providers and technology companies involved in “digital health,” including assisting clients in developing and implementing telemedicine programs by advising on issues related to professional licensure, scope of practice, informed consent, prescribing and reimbursement. Lisa helps clients identify and understand the relevant legal issues, and develop and implement practical, forward-thinking solutions and strategies that meet the complex and still-evolving digital health regulatory landscape.  Read Lisa Schmitz Mazur's full bio.

On July 31, 2017, President Donald Trump’s Commission on Combating Drug Addiction and the Opioid Crisis recommended that he declare the opioid epidemic a national emergency. In August 2017 and again on October 16, 2017, the president indicated he would declare the opioid crisis a national emergency. While it is apparent that the nation is suffering a drug overdose and opioid-specific crisis, the question remains as to what effect such a declaration would have on combatting the crisis.

The president’s powers to declare a national emergency arise from the Stafford Act, and once a national emergency is declared, it enables 1) access to US Department of Homeland Security ‒ Federal Emergency Management Agency (FEMA) funding, with states able to request grants for the specific purposes of treating opioid addiction; 2) the ability to re-appropriate federal agency workers, such as those employed by the agencies under the US Department of Health and Human Services (HHS) umbrella, to specifically research and treat opioid addiction; and 3) waiver of federal Medicaid regulations to provide additional aid to beneficiaries, ensuring sufficient health care items and services are available to meet the needs of beneficiaries. Such a declaration would undoubtedly open up both federal and state governments to formulate a comprehensive, unified strategy to combat the opioid epidemic sweeping the nation. Continue Reading The Opioid Crisis: Declaring a National Emergency and the Effect on Remote Prescribing through Telemedicine

The Enhanced Nurse Licensure Compact (Compact) has now been adopted by 26 states, which means the Compact will be taking effect on January 19, 2018. Nurses who seek to practice telemedicine and deliver in-person care across state lines and who meet the Compact’s licensure requirements in these states will have one less obstacle to overcome going forward.

The Compact is an updated version of the original compact allows for registered nurses (RNs) and licensed practical/vocational nurses (LPN/VNs) to have one multistate license, which will enable them to practice nursing in person or via technology (e.g., videconference) in both their home state, as well as the other Compact states. Development and implementation of the Compact was not an easy feat, given the need for alignment of licensing standards across the Compact states, including federal and state fingerprint-based criminal background checks.

The 26 states participating in the Compact as of today are Arizona, Arkansas, Delaware, Florida, Georgia, Idaho, Iowa, Kentucky, Maine, Maryland, Mississippi, Missouri, Montana, Nebraska, New Hampshire, North Carolina, North Dakota, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, West Virginia and Wyoming.

For more information about the Compact, please visit: https://www.ncsbn.org/11070.htm.

The Office of the National Coordinator for Health Information Technology recently released a report (the Report) detailing user experience research on patient access to health data. The Report sought to examine the experiences of 17 individuals and processes of 50 health systems, with commentary from four medical record fulfillment administrators, to determine how the medical record request process can be improved for consumers. The Report ultimately concludes that patients and health care providers alike are in need of a well-defined process that is convenient, expedient and transparent.

Background

The Health Insurance Patient Portability and Accountability Act (HIPAA) does not create a uniform process for storage and production of medical records across providers, and in-turn did not create a convenient request process for patients. Generally, patients have a right to access a designated record set, which includes 1) medical records and billing records about individuals maintained by or for a covered health care provider; 2) enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; and 3) other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. Upon receipt of a request by a patient to access their health records, the covered entity receiving the request must produce the records within 30 days. Prior to producing those records, however, the covered entity must verify the identity of the individual making the request. This often involves signature verification or similar processes.

Continue Reading Many Lessons Still Need to be Learned regarding Patient Access to Health Care Information

Jennifer Geetter and Lisa Schmitz Mazur wrote this bylined article on the regulatory implications of technology-supported devices, resources, and solutions that facilitate health patient-provider interaction. “Health industry regulators are struggling with how to apply the existing privacy regulatory regime, and the permitted uses and disclosures for which they provide, in this new world of healthcare innovation,” the authors wrote.

Continue reading.

On May 3, 2017, the Creating Opportunities Now for Necessary and Effective Care Technologies for Health Act of 2017 (S. 1016) (CONNECT Act of 2017) was reintroduced by the same six senators who had initially introduced the legislation in early 2016 and referred to the Senate Committee on Finance. As we previously reported on February 29, 2016, this iteration of the proposed bill also focuses on promoting cost savings and quality care under the Medicare program through the use of telehealth and remote patient monitoring (RPM) services, and incentivizing such digital health technologies by expanding coverage for them under the Medicare program—albeit using different terminology. Chiefly, the CONNECT Act of 2017 serves as a way to expand telehealth and RPM for Medicare beneficiaries, makes it easier for patients to connect with their health care providers and helps reduce costs for patients and providers. As with the previous iteration, the CONNECT Act of 2017 has received statements of support from over 50 organizations, including the American Medical Association, American Telemedicine Association, Healthcare Information and Management Systems Society, Connected Health Initiative, Federation of State Medical Boards, National Coalition on Health Care and an array of vendors and health systems. Continue Reading Round Two: Significant Telehealth Expansion Re-Proposed in Bipartisan Senate Bill

The Electronic Health Records (EHR) Incentive Program run by Centers for Medicare and Medicaid Services (CMS) garnered attention again last week following the release of a report by the Office of Inspector General of the US Department of Health and Human Services (OIG) describing inappropriate payments to physicians under the program. The report follows on the heels of a high-profile settlement under the False Claims Act between the US Department of Justice and an EHR vendor related to certified electronic health record technology (CEHRT) used in the EHR Incentive Program (which we’ve previously discussed in-depth).

The OIG reviewed payments to 100 eligible professionals (EPs) who received EHR incentive payments between May 2011 and June 2014 and identified 14 inappropriate payments. OIG extrapolated the results of the review to the 250,470 total EPs who received incentive payments during that time period and estimated that CMS made approximately $729 million in inappropriate EHR incentive payments out of a total of just over $6 billion in such payments during the review period. Continue Reading OIG Reports More Than $731 Million in Inappropriate Medicare Meaningful Use Payments

As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Texas has eliminated its most restrictive requirement for delivering care via telemedicine in Texas, increasing opportunities for providers to reach patients using technology.  Senate Bill 1107 was passed on May 11, 2017, and the House added an amendment in passing Senate Bill 1107, which was approved in the Senate on May 18.  The bill was signed into law by Governor Abbott last weekend.

Read the full article.

On April 24, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement in the amount of $2.5 million based on the impermissible disclosure of unsecured electronic protected health information (ePHI) by a provider of remote mobile monitoring, with a focus on patients who are at risk for cardiac arrhythmias.

In January 2012, the remote monitoring company reported that a workforce member’s laptop containing the ePHI of over a thousand individuals was stolen from a parked vehicle outside of the employee’s home. A little over one year later, the same company reported a second breach that compromised the ePHI of twice as many individuals (details regarding this breach were not provided by OCR).

OCR’s investigation revealed that the company allegedly had insufficient risk analysis and risk management processes in place at the time of the theft. Additionally, the company’s draft policies and procedures implementing the standards of the HIPAA Security Rule had never been implemented, and the company was also unable to produce final versions of any policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices.

Continue Reading Recent $2.5 Million OCR Settlement Is a Warning to Wireless Health Service Providers

Late last month, Senator Cory Gardner (R-CO) and Senator Gary Peters (D-MI) introduced Senate Bill 787, the Telehealth Innovation and Improvement Act (Telehealth Improvement Act), which is focused on expanding Medicare’s currently limited coverage of telehealth services and opportunities for innovation.

The Telehealth Improvement Act would require the Center for Medicare and Medicaid Innovation (CMMI) to test the effect of including telehealth services in Medicare health care delivery reform models. More specifically, the Act would require CMMI to assess telehealth models for effectiveness, cost and quality improvement, and if the telehealth model meets these criteria, then the model will be covered through the Medicare program. Continue Reading More Federal Legislation Aimed at Expanding Medicare Coverage of Telehealth Services