Little Health Law Blog

HIPAA Breach Primer: Part 2—Patient Notification

October 21, 2021 | Little Health Law

ehrsiner_770-e1634851226990 Welcome to the second post in our three-part HIPAA Breach series! In the first post, HIPAA Breach Primer: Part 1—The Risk Assessment, we provided an overview of HIPAA requirements and how to conduct a Risk Assessment to determine the risk that a HIPAA violation occurred. To recap, there are generally three initial steps a practice takes in the face of a potential HIPAA breach. First, performing a risk assessment to determine whether a breach, in fact, occurred. Second, if the risk assessment reveals a probability that personal health information (PHI) was likely compromised, then the patients involved must be notified. Third, the breach must be reported to HHS’s Office of Civil Rights (OCR).

This post explores the second step—notifying patients. Future posts will discuss the third step required if the risk assessment reveals a breach occurred. Note, this post and series do not address state privacy laws or attendant state notification or reporting requirements upon a breach. If you have questions regarding this blog post, conducting a HIPAA risk analysis, your reporting and notification requirements under HIPAA, or other privacy-related matters, you may contact us at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

HIPAA Breach Primer: Part 1—The Risk Assessment

October 8, 2021 | Little Health Law

data-storage-1-1155466-m Welcome to the first post in our three-part HIPAA Breach series! Our healthcare and business law firm often works with medical practices to determine whether an act involving patient privacy constitutes a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requiring notification and reporting of any breach. By law, a patient’s health information can only be used and disclosed for specific reasons. When there is a risk that patient information has been accessed, used, or disclosed in a way that is not permitted, there may be a HIPAA violation. More information about the HIPAA rules can be found on our website here and the U.S. Department of Health and Human Services’ (HHS) website here. There are generally three initial steps a practice takes in the face of a potential HIPAA breach. First, performing a risk assessment to determine whether a breach, in fact, occurred. Second, if the risk assessment reveals a probability that personal health information (PHI) was likely compromised, then the patients involved must be notified. Third, the breach must be reported to HHS’s Office of Civil Rights (OCR).

This post is the first of a three-part series on HIPAA breaches. This post explains the first step—conducting the risk assessment. Future posts will discuss the second and third steps required if the risk assessment reveals a breach occurred. Note, this post and series do not address state privacy laws or attendant state notification or reporting requirements upon a breach. If you have questions regarding this blog post, conducting a HIPAA risk analysis, your reporting and notification requirements under HIPAA, or other privacy-related matters, you may contact us at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

What Physicians at FQHC’s Need to Know About Malpractice Actions

September 29, 2021 | Little Health Law

medical_malpractice_legal_terms-e1632925373696 As a healthcare and business law firm, we work with many physicians employed by Federally Qualified Health Centers, or “FQHCs.” Working at an FQHC offers certain benefits and protections to providers. One such benefit is that individual providers are generally protected from civil malpractice lawsuits. Although our firm does not litigate medical malpractice actions, we work with physicians who are accused of malpractice within an action involving FQHCs to minimize damage to the physician’s reputation and record, particularly regarding reporting to the National Practitioner Data Bank (“NPDB”). This post intends to outline what a physician working at an FQHC needs to know if an individual brings a malpractice action. If you have questions regarding this blog post, the NPDB, or FQHC-related matters, you may contact us at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

Suit Against the United States Not Individual Doctors or Practices

The first thing to note is that if you are a physician for most FQHCs and a patient wishes to sue alleging medical malpractice, you—as the physician—and the health center are generally protected from being named in a lawsuit.

Why is that? Continue reading ›

Prescribing Controlled Substances Based on Telemedicine Visits During the COVID-19 Public Health Emergency

September 17, 2021 | Little Health Law

image_4-e1631547014743 Last week, our blog post discussed the general rules permitting telemedicine in Georgia. Often, our healthcare and business law firm’s provider clients who conduct telemedicine also need to understand the requirements around prescribing controlled substances based on telemedicine visits. This post intends to outline some of the relevant prescribing rules in Georgia and the exceptions due to the Public Health Emergency (PHE) created by COVID-19. This post intends to outline some relevant Georgia rules and regulations relating to telemedicine. If you have questions about telemedicine or prescribing rules or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

Georgia Rules on Prescribing Controlled Substances via Telemedicine

As discussed in our prior blog post on the general telemedicine rules, we look to the Medical Board’s rules on Unprofessional Conduct, among other rules, to decipher what is allowed in Georgia. Rule 360-3-.02 defines Unprofessional Conduct to include subsection (5), which provides that Unprofessional Conduct could include: “Prescribing controlled substances . . . and/or dangerous drugs . . . for a patient based solely on a consultation via electronic means with the patient, patient’s guardian or patient’s agent.” As such, the general rule prohibits prescribing controlled substances via a telemedicine consult. However, the rule does “not prohibit a licensee from prescribing a dangerous drug for a patient pursuant to a valid physician patient relationship in accordance with O.C.G.A. § 33-24-56.4 or a licensee who is on-call or covering for another licensee from prescribing up to a 30-day supply of medications for a patient of such other licensee nor shall it prohibit a licensee from prescribing medications when documented emergency circumstances exist.” Rule 360-3-.02(5). There are other exceptions related to specific Schedule II controlled substances.

Telemedicine Rules in Georgia

September 10, 2021 | Little Health Law

MM-0220-Telemedicine-iStock-e1581381176331-1024x814-1-e1631301250783 Our healthcare and business law firm frequently receives questions asking about telemedicine rules in Georgia. This post intends to outline some relevant Georgia rules and regulations relating to telemedicine. Our next post will consider the rules around prescribing based on a telemedicine consult and how COVID-19’s Public Health Emergency impacts those rules. If you have questions about telemedicine rules and regulations or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

General Telemedicine Rules and Definitions

The Georgia Composite Medical Board (“Medical Board”) generally requires an in-person exam, but the Medical Board Rules allow telemedicine in certain situations. To begin, the relevant definition of “telemedicine” is found in Georgia’s insurance code and defines “telemedicine” as:

Healthcare Treats Patients, HIPAA Protects Them: Recent Changes to the HIPAA Laws and How These Changes Affect the Healthcare Community

August 30, 2021 | Little Health Law

By: Brian Field

6E9A1516-lower-res-e1630337874585

With the ever-changing climate of technology, the Health Insurance Portability and Accountability Act (HIPAA) continues to make patient-centered modifications intended to protect personal health records. Key components to the most recent updates to HIPAA include prohibition of records withholding.

The inspiration for the recent changes come from the Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS). A goal of both entities is to protect the health of all Americans and ensure essential human services. The OCR continues to reinforce a focus on patients regarding health and health records by aiming to eliminate technical barriers and reducing or eliminating cost to patients.

Following HIPAA law changes can be daunting, but if there is one thing to keep in mind, it is that HIPAA prioritizes patients. The information below is a snapshot of what you should know as you navigate health records storage for your patients before, during, and after their care with you has ended:

Study Shows Increase in Physicians Leaving Independent Practices for Hospital Employment During COVID-19

August 13, 2021 | Little Health Law

Employment-Agreement-scaled-600x400-1-e1628799705812 All individuals and industries have been impacted by COVID-19. As relevant to most of our clients, the medical industry has been heavily impacted. In June 2021, the Physicians Advocacy Institute (“PAI”) released the results of a study entitled: “COVID-19’s Impact on Acquisitions of Physician Practices and Physician Employment 2019-2020.” If you have questions about selling or purchasing a practice or physician employment questions, or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

A main takeaway from the study is that between January 1, 2019, and January 1, 2021, “48,400 additional physicians left independent practice and became employees of hospitals or other corporate entities – 22,700 of that shift occurred after the onset of COVID-19.” This is a 12% increase in the percentage of hospital-employed physicians over the two-year study period. Furthermore, during the two-year study period, there was a 25% increase in corporate-owned practices nationally.

HB 458: Georgia Legislation Responding to Sexual Misconduct in Healthcare & New Mandatory Reporting Requirements

August 7, 2021 | Little Health Law

medical-doctor-1314902-m In our previous post reviewing the Georgia Composite Medical Board’s (“Medical Board” or “GCMB”) June Monthly Meeting Minutes, we touched on the Medical Board’s acknowledgment of House Bill 458. Herein, our healthcare and business law firm analyzes more thoroughly the new law and its impact on Georgia physicians and the Medical Board. If you have licensing or other GCMB questions or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

HB 458 amends Title 43 of the Official Code of Georgia in varied ways to accomplish the following goals:

Georgia Medical Board June Monthly Meeting Minutes Review

August 3, 2021 | Little Health Law

images Welcome to the second installment of our business and healthcare law firm’s monthly medical board meeting review, focusing on the Georgia Composite Medical Board (“Medical Board” or “GCMB”). As a healthcare law firm with physician clients, it is our duty to stay up to date with the Medical Board’s positions and changes so as to better inform our clients. If you have licensing or other GCMB questions or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw.com. You may also learn more about our law firm by visiting www.littlehealthlaw.com.

The Medical Board met on June 3, 2021 via video teleconference. The June monthly meeting minutes are available here. The Medical Board also publicly releases public orders and agreements each month.

Meeting Minutes

A main theme during the introductory Executive Director’s Report involved preventing and responding to sexual misconduct in the healthcare field. The Board was presented with an article, “State Medical Board Recommendations for Stronger Approaches to Sexual Misconduct by Physicians,” available here. The Board also discussed House Bill 458, which passed the House and Senate and goes into effect on January 1, 2022. A blog post examining HB 458 in more detail is forthcoming from Little Health Law.

Reducing the Negative Impact of Inaccurate NPDB Reports

July 23, 2021 | Little Health Law

D1432441-e1627053044153 Our healthcare and business law firm consistently works with physicians who are dealing with complications resulting from adverse reporting to the National Practitioner Data Bank (“NPDB”). Certain entities, including medical licensure boards and medical malpractice payers, have a duty to report specific actions or events to the NPDB. Any practitioner who has had the misfortune of having an action reported to the NPDB is likely aware of the negative impact such a report can have on his or her ability to practice. Sometimes, however, the information reported to the NPDB is inaccurate in whole or in part. Inaccurate or incomplete reports can have equally serious adverse impacts on a medical provider’s ability to practice as any correctly submitted NPDB report. This post outlines steps practitioners or counsel can take to help minimize the adverse impact of such inaccurate reports. If you have a question about the NPDB or would like to discuss this blog post, you may contact our healthcare and business law firm at (404) 685-1662 (Atlanta) or (706) 722-7886 (Augusta), or by email, info@littlehealthlaw .com. You may also learn more about our law firm by visiting www.littlehealthlaw .com.

Submitting a Statement

The NPDB allows practitioners to submit statements at any time to explain or supplement a report. According to the NPDB, the statement is the provider’s “opportunity to provide additional information [the provider] would like included with the report.” A statement does not correct or void a reporting by a medical board, but it is a useful tool for a provider to explain an adverse licensure action when that is necessary. This is a way to tell the practitioner’s side of events. Although the statement may be limited in its impact, it can be particularly useful to submit a well-drafted statement while waiting for the often-lengthy dispute resolution process to conclude. Statements can also be submitted or edited at any time, so the efficiency of a statement makes it a useful tool.

Disputing the Report

If the practitioner wishes to take the matter beyond submitting an explanatory statement, the practitioner must make an important decision: work through the NPDB or go straight to the source (the reporting organization). In our business and healthcare law firm’s experience, we have had more success working with the reporting entity directly to resolve reporting disputes. In fact, the NPDB directs providers to contact the reporting organization before initiating a formal dispute with the NPDB.