West Virginia Repeals State’s Pharmaceutical Advertising Disclosure Law

The Governor of West Virginia signed last week Senate Bill 267 to repeal the Code provisions that created the Governor’s Office of Health Enhancement and Lifestyle Planning (GOHELP). This includes section 16-29H-8 of the Code, which requires prescription drug manufacturers and labelers to annually report advertising and promotion costs for the prior calendar year by April 1st.  Because Senate Bill 267 becomes effective 90 days after enactment, manufacturers and labelers are still expected to file the calendar year 2014 report by April 1, 2015.

Is this a new trend for 2015? Although the CMS Open Payments database is now live and the second round of reporting will be completed by applicable manufacturers and applicable group purchasing organizations this week, Minnesota and Connecticut each recently expanded the list of health care providers for whom payment reporting is required.  We will be watching further federal and state transparency developments.

Leave a comment

Filed under State Marketing & Disclosure Laws

HIPAA FAQ Series: Does HIPAA Permit Communications via E-mail with PHI Subjects?

Last week, we introduced a new series to this blog that will cover frequently asked questions regarding the Health Insurance Portability and Accountability Act (HIPAA).  This week, the series continues by delving into a hot topic that arises frequently: whether it is permissible for Covered Entities and Business Associates to communicate via e-mail with the subjects of PHI.  Many entities ask this question in the context of sending appointment notifications, facilitating follow-up care, and/or discussing treatment itself.  Does HIPAA permit these types of communications to occur electronically?

Continue reading

Leave a comment

Filed under Health Information Privacy, Health IT, HIPAA, HIPAA FAQ, Privacy and Security, Technology

Class Action Following Health Information Data Breach

As we discussed in our previous post, Premera Blue Cross (Premera) recently revealed that it suffered a massive data breach potentially exposing the personal data of 11 million customers.  On Thursday Premera was hit with a proposed class action lawsuit in Washington federal court accusing it of negligence associated with the data breach.  The suit claims that the letters notifying customers of the breach did not reach those affected within the 60 day notification period required by HIPAA, as Premera discovered the breach in January and letters may not reach all individuals affected until late April.  The suit also argues that the breach came just weeks after federal auditors warned Premera of security issues.

Continue reading

Leave a comment

Filed under Health Care, Health Information Privacy, Health IT, HIPAA, Litigation, Technology, Uncategorized

OIG Releases Advisory Opinion Regarding Laboratory and Physician Practice Agreement

On March 25, 2015, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) posted Advisory Opinion No. 15-04. In the opinion, the OIG addresses a laboratory’s proposal to enter into agreements with physician practices to provide all laboratory services for the practices’ patients. Under the proposed arrangement, the laboratory would waive all fees for those practices’ patients who are enrollees of certain insurance plans that require the patient to use a different laboratory. The OIG reviewed the proposed agreement to determine if it would constitute grounds for the imposition of sanctions, such as exclusion from participation in federal health care programs, civil monetary penalties, and other penalties associated with violating the Anti-Kickback Statute. Continue reading

Leave a comment

Filed under Advisory Opinions, Fraud and Abuse

Early 2015 Federal Policy Developments Impacting Medical Technology Companies

Health care is always a major issue in Washington, DC but recently how to promote innovation in medtech has become a priority within that conversation. Thus far, 2015 has produced a major legislative initiative in the form of 21st Century Cures, a significant report from the Federal Trade Commission (FTC) on the Internet of Things (IoT) and several pieces of guidance from the Food and Drug Administration (FDA) aimed at reducing regulatory burden for digital health. This is on top of the perennial debate over eliminating the medical device tax (there is an increasing likelihood of this actually happening!). This increased visibility for medtech in Washington bears close attention from company executives and counsel because it will shape the future for regulating medtech at the federal level. Presently, policymakers seem focused on protecting medtech companies’ ability to innovate in general, but that climate can change quickly with pressure from consumer groups and other interests. Click here for an overview of some of the more significant issues being discussed in Washington that could impact medtech growth and innovation.

Leave a comment

Filed under Health IT, Uncategorized

Another Large Scale Data Breach Announced by Premera Blue Cross

Premera Blue Cross revealed Tuesday it was hit by a sophisticated cyber attack potentially exposing personal data for approximately 11 million of its members including members, employees and others with whom it does business, dating back to as early as 2002.  The insurer said its investigation revealed the initial malware attack occurred on May 5, 2014, and access went undetected until January 29, 2015.  This breach adds to the growing list of hacks against health care companies and should again be an alert that systems must be adequately protected from sophisticated hackers.

Continue reading

1 Comment

Filed under Health Care, Health Information Privacy, Health IT, HIPAA, HIPAA FAQ, HIPAA Omnibus Rule, HITECH Act, Technology, Uncategorized

HIPAA FAQ Series: Are Covered Entities Liable for Business Associates’ HIPAA Violations?

This post marks the beginning of a new series on this blog covering various frequently asked questions regarding the Health Insurance Portability and Accountability Act (HIPAA).  There are many questions regarding HIPAA applicability, implementation, and liability that come up repeatedly.  We plan to use this series to discuss and analyze certain of these FAQs.  We are kicking off this feature with a post regarding HIPAA liability.  Specifically, are Covered Entities liable for their Business Associates’ HIPAA violations?

Continue reading


Filed under Government Enforcement, Health Information Privacy, HIPAA, HIPAA FAQ, HIPAA Omnibus Rule, Privacy and Security