New Jersey HIPAA Health Law Lawyer & Attorney : Fox Rothschild LLP Law Firm : Serving Newark, Jersey City, Paterson, Princeton, Mercer County

In one of my earlier blog posts, I mentioned that carrots and sticks could be coming in connection with the adoption of health information technology.  Well, yesterday afternoon the Senate passed the Medicare Improvements for Patients and Providers Act of 2008 (H.R. 6331) which proposes that Medicare physicians who use e-prescribing technology would be eligible for incentive payments of:

• 2% in fiscal year 2009 and 2010
• 1% in FY 2011 and 2012 and
• 0.5% in 2013.

Physicians participating in Medicare who do not e-prescribe by 2012 would see a 2% payment cut!   The bill permits the Secretary to establish a hardship exception to providers who are unable to use a qualified e-prescribing system. Also, it proposes that a Government Accountability Office (GAO) be established to report on the effect of the e-prescribing incentives included in the legislation. 

H.R. 6331 now goes to President Bush for signing . . .  or veto.  

Some reports indicate that President Bush has long-threatened to veto the bill due to his opposition to the way in which the bill relies on certain Medicare Advantage cuts to offset the costs of the bill.  But, because yesterday more than two-thirds of the Senate voted to support the bill, both the House and the Senate have now passed the bill with enough support to overturn any veto.  Under the U.S. Constitution, if the President fails to sign the bill within 10 days, it automatically becomes law without his signature.

• Email This
• Print
• Comments
• Trackbacks

Yesterday, the White House Office of the Press Secretary announced that President Bush signed the Genetic Information Nondiscrimination Act of 2008 ("GINA").  The intent of GINA is to protect individuals from employers and insurance companies denying employment, promotions or health coverage to people when genetic tests show they have a predisposition to cancer, heart disease, or other ailments.  But critics of the law are concerned that certain provisions are vague and may expose employers and insurers to frivolous lawsuits.  

The Genetic Information Nondiscrimination in Employment ("GINE") Coalition lobbied and prepared numerous letters to Congress to have certain provisions of GINA revised prior to enactment in order to protect employers' nondiscriminatory practices and legitimate collection and uses of genetic information.  According to Michael Eastman, executive director of labor law policy at the US Chamber of Commerce and a member of the GINE Coalition, the group remains concerned that GINA (1) will not preempt inconsistent state laws, (2)  will award “excessive” punitive and compensatory damages that will likely encourage “unmeritorious litigation," and (3) lacks exceptions to provisions barring the collection of genetic information.  

For a good review of the pros and cons of GINA, see an article published by GenomeWeb Daily News.  For a quick and dirty summary of  legal provisions of GINA, click and read on . . .

• Email This
• Print
• Comments
• Trackbacks

ScienceDaily reports today that the U.S. Senate approved the Genetic Information Nondiscrimination Act of 2008 (GINA) yesterday, April 24, 2008, by unanimous consent of an amended version of H.R. 493, which passed the House last April 25, 2007 by a vote of 420-3.  The House is expected to take up the measure again quickly before sending it to President Bush to sign into law.  A copy of amended H.R.493 can be viewed on the Library of Congress’ Thomas website. 

Among other things, GINA directs the Secretary of DHSS to revise the HIPAA privacy regulation, within 60 days after the date of the enactment  of GINA, to include the following:

(a)(1) Genetic information shall be treated as health information described in [HIPAA].

     (2) The use or disclosure by a covered entity that is a group health plan, health insurance issuer that issues health insurance coverage, or issuer of a medicare supplemental policy of protected health information that is genetic information about an individual for underwriting purposes under the group health plan, health insurance coverage, or medicare supplemental policy shall not be a permitted use or disclosure. . . . .

(d) Enforcement - In addition to any other sanctions or remedies that may be available under law, a covered entity that is a group health plan, health insurance issuer, or issuer of a medicare supplemental policy and that violates the HIPAA privacy regulation (as revised under subsection (a) or otherwise) with respect to the use or disclosure of genetic information shall be subject to the penalties described in [the HIPAA Statute] in the same manner and to the same extent that such penalties apply to violations of this part. (Emphasis was added).

GINA aims to protect the privacy of all Americans’ genetic information and to establish a national and uniform basic standard necessary to fully protect the public from discrimination based on genetic information.  Until yesterday, genetic information has been protected specifically only by a handful of states.  In New Jersey, the New Jersey Genetic Privacy Act (N.J.S.A. §§10:5-43 et seq.) already provides that no person may disclose or be compelled to disclose the identity of an individual upon whom a genetic test has been performed, or individually identifiable genetic information, except pursuant to a few very limited exceptions. See N.J.S.A. §10:5-47.  However, any entity that or individual who uses or handles DNA in New Jersey should reevaluate its disclosure and consent procedures in light of GINA’s new standards.

• Email This
• Print
• Comments
• Trackbacks

• What the HIPSA?!!   After HIPAA, the last thing most of us want to hear is another acronym that starts with the letter "H" and makes our heads spin trying to figure out whether the answer to the question is "to disclose" or "not to disclose."   But, here it may come..... Covered Entities (and anyone currently handling health information, for that matter) should keep an eye on U.S. Senate Bill 1814, the Health Information Privacy and Security Act ("HIPSA"), currently under consideration by the Committee on Health, Education, Labor, and Pensions.  HIPSA could change the current HIPAA landscape by, among other things, aiming to directly govern each individual who and entity that uses personal health information.  The potential new law is also looking to create a right of private action (the right to file a private lawsuit), and allow state attorneys generally to sue for privacy and security violations.  Each of these elements is more far-reaching than HIPAA, which directly governs only Covered Entities, and does not provide a statutory private right of action.
• New Jersey Health Information Technology Promotion Act (NJ HITPA), Senate Bill 2728.   As NJ HITPA inches forward (last updated 11/2007), New Jersey may be one step closer to setting up the infrastructure necessary to support a state-wide RHIO (Regional Health Information Exchange) in 2008.  NJ HITPA establishes the New Jersey Health Information Technology Commission to assume primary responsibility within State government for the development, implementation, and oversight of the Statewide health information technology plan.  That plan is to be designed to establish a secure, integrated and interoperative, Statewide electronic health information infrastructure for the sharing of electronic health information among health care facilities, health care professionals, public and private payers, and patients, which complies with all State and federal privacy requirements and links all components of the health care delivery system through secure and appropriate exchanges of health information. 
• Ban On Data Mining.  On December 12, 2007, the Washington D.C. Council voted in favor of restricting access to information about physicians' prescribing trends.  The ban is the result of a much larger debate, namely whether prescription data should be allowed to be mined and sold to pharmaceutical companies and whether such practice drives up the costs of prescription drugs and interferes with physician practices. However, from a HIPAA standpoint, the ban may spur a trend that could restrict access to deidentified information.  Under HIPAA, if information is "deidentified" (stripped of all identifying elements) then the federal Privacy Rule does not prohibit its disclosure. Most state laws also limit confidentiality protections to "identifying" personal information. Therefore, "anti-data mining" laws such as the one being considered in D.C. (as well as in 12 other states, including New Hampshire, Maine and Vermont) would, in many instances, result in state laws that are more restrictive than HIPAA and create a new barrier to pharmaceutical companies and others obtaining such information.
  
• States Amending Privacy Laws.  Look for legislation to be introduced in New Jersey and other states that tighten up privacy and security requirements in certain instances, and that clarify restrictions that have become outdated.  For example, the Pennsylvania Department of Health ("PA DOH") proposed to amend its regulations relating to the disclosure of patient information under the Pennsylvania Drug and Alcohol Abuse Control Act . The proposed rule, set forth in the Pennsylvania Bulletin at 37 Pa.B. 6529, indicates that the PA DOH determined that the current regulation is outdated and is an impediment to service delivery and the coordination of care for individuals with substance abuse problems.  In general, the proposed rule expands the amount of information treatment providers may release to other entities (in accordance with the existing statute), and clarifies what information is subject to the confidentiality and disclosure restrictions.  

• Identity-Theft Prevention Laws.  As the nation moves toward converting from paper to electronic health records and our personal information becomes more accessible, medical identity theft has become pervasive. Many states, including New Jersey, have passed security-breach notification laws that require providers to notify an individual if his/her electronic information has been accessed in an unauthorized manner. Look, however, for states to expand their current laws protecting the security of health information and specifically target medical identity theft. 

• Email This
• Print
• Comments
• Trackbacks

As more and more providers and other stakeholders in the health care sector move towards using the electronic medium as their preferred method to store and exchange patients' health information, there is growing concern that HIPAA does not adequately assure that patients' privacy will be maintained.  In response, on July 18, 2007, Senators Patrick Leahy (D-Vt.) and Edward Kennedy (D-Mass.) introduced the Health Information Privacy and Security Act of 2007 ("HIPSA") in an attempt to give patients more control over their protected health information.  In addition, HIPSA would create a private right to sue violators (i.e., doctors, hospitals, health plans etc.) for violating their privacy rights, something that HIPAA does not currently afford (HIPAA enforcement is reserved for government action only).  Those who handle patients' health information likely will want to know: (1) how else does the Health Information Privacy and Security Act of 2007 differ from HIPAA and (2) how will it affect them? 

• Email This
• Print
• Comments
• Trackbacks