In the ongoing effort to help individuals impacted by COVID-19, Congress passed the Coronavirus Aid, Relief, and Economic Securities Act (CARES Act) on March 27, 2020. The President signed the CARES Act into law the same day. The historic stimulus package provides wide-ranging relief for both employers and employees. This includes rules that impact health and welfare, retirement and executive compensation plans and programs.
For more information about the impact of the CARES Act on employer-provided benefits, access our On the Subject articles on the:
In addition, for information about the frequently asked questions regarding health and welfare, retirement and executive compensation issues in the COVID-19 era, access our FAQs.
Healthcare providers and insurers are still making tons of rookie mistakes on patient privacy, turning themselves into easy enforcement targets, according to Roger Severino, director of the US Department of Health and Human Services.
Severino made headlines in 2017 for expressing interest in punishing a “big, juicy, egregious” privacy breach, and seemingly followed through with a $16 million settlement stemming from Anthem Inc.’s megabreach involving 79 million patients. But an emphasis on smaller violations makes sense in light of the OCR’s recent acknowledgement of limits on its penalty powers, said Edward G. Zacharias, a McDermott partner.
The demand for healthcare innovation is driving collaboration between formerly disparate healthcare companies and bringing new players, such as technology companies and start-ups, into an already complex space. As companies build partnerships and pool resources—particularly healthcare data—data ownership presents numerous challenges that need to be addressed throughout the lifecycle of the collaboration. In this episode of the Of Digital Interest podcast, McDermott partners Jiayan Chen and Jennifer S. Geetter explore:
Key concerns for companies executing data-driven collaborations
Consumer expectations surrounding data use, data privacy and their impact on digital health collaborations
The role of HIPAA and federal and state regulators in regulating data use
Common questions about secondary use and identifiable and de-identified data
Commercialization strategies and “green flags” for identifying the right collaboration partner
As the telemedicine regulatory and reimbursement environment becomes more cohesive and providers and patients alike embrace technology, opportunities for telemedicine collaborations are likely to grow. Like any collaboration, finding the right partner is crucial for success, particularly at the highly scrutinized intersection of healthcare and technology. This post explores the factors to address when evaluating service providers and vendors for your next telemedicine collaboration.
Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights notable developments and guidance that health care providers, digital health companies and other health care industry stakeholders should navigate in 2019. Here, we summarize four key issues that stakeholders should watch in the coming year. For more in-depth discussion of these and other notable issues, access the full report.
EU General Data Protection Regulation (GDPR) enhances protections for certain personal data on an international scale. US-based digital health providers and vendors that either (a) offer health care or other services or monitor the behavior of individuals residing in the EU, or (b) process personal data on behalf of entities conducting such activities should be mindful of the GDPR’s potential applicability to their operations and take heed of any GDPR obligations, including, but not limited to, enhanced notice and consent requirements and data subject rights, as well as obligations to execute GDPR-compliant contracts with vendors processing personal data on their behalf.
California passes groundbreaking data privacy law. The California Consumer Privacy Act (CCPA), which takes effect on January 1, 2020, will regulate the collection, use and disclosure of personal information pertaining to California residents by for-profit businesses – even those that are not based in California – that meet one or more revenue or volume thresholds. Similar in substance to the GDPR, the CCPA gives California consumers more visibility and control over their personal information. The CCPA will affect clinical and other scientific research activities of academic medical centers and other research organizations in the United States if the research involves information about California consumers.
US Department of Health and Human Services (HHS) Office of Civil Rights (OCR) continues aggressive HIPAA enforcement. OCR announced 10 enforcement actions and collected approximately $25.68 million in settlements and civil money penalties from HIPAA-regulated entities in 2018. OCR also published two pieces of guidance and one tool for organizations navigating HIPAA compliance challenges in the digital health space.
Interoperability and the flow of information in the health care ecosystem continue to be a priority. The Office of the National Coordinator for Health Information Technology (ONC) submitted its proposed rule to implement various provisions of the 21st Century Cures Act to the Office of Management and Budget (OMB) in September 2018; this is one of the final steps before a proposed rule is published in the Federal Register and the public comment period opens. The Centers for Medicare & Medicaid Services (CMS) released its own interoperability proposed rule and finalized changes to the Promoting Interoperability (PI) programs to reduce burden and emphasize interoperability of inpatient prospective payment systems and long-term care hospital prospective payment systems.
One of the busiest times of year for an employee benefits professional is open enrollment. It is a crucial yet stressful period that typically generates numerous employee questions and complaints and carries a high potential for both employer and employee mistakes. Despite the stress and potential for problems, open enrollment provides an opportunity for a company to set itself up for success for the following year.
The Employee Retirement Income Security Act (ERISA) does not require an annual opportunity for employees to change benefit plan elections. However, because of compliance issues that can spring from not offering a regular enrollment period, most companies choose to offer an “open enrollment” period, usually taking place in mid- to late fall for calendar-year health and welfare benefit plans.
Employee attention to employer communications during this period is often high, and attention to detail in participant communications behooves an employer during this period. Well-written and timely notices may be relied upon to satisfy many compliance obligations. Inaccurate or incomplete open enrollment materials, however, can create employee confusion and result in legal liability under the complex network of federal laws governing employer-sponsored benefit programs.
Read the full article here for a sampling of key issues to consider to help you avoid compliance missteps during this year’s open enrollment period.
Originally published in BenefitsPRO.com, October 2018.
Throughout 2017, the health care and life sciences industries experienced a widespread proliferation of digital health innovation that presents challenges to traditional notions of health care delivery and payment as well as product research, development and commercialization for both long-standing and new stakeholders. At the same time, lawmakers and regulators made meaningful progress toward modernizing the existing legal framework in a way that will both adequately protect patients and consumers and support and encourage continued innovation, but their efforts have not kept pace with what has become the light speed of innovation. As a result, some obstacles, misalignment and ambiguity remain.
We are pleased to bring you this review of key developments that shaped digital health in 2017, along with planning considerations and predictions for the digital health frontier in the year ahead.
In October 2016, the American Association of Retired Persons (AARP) sued the US Equal Employment Opportunity Commission (EEOC) in the US District Court for the District of Columbia seeking an injunction against the latest iteration of wellness program regulations. The final EEOC regulations issued last year offer employers a roadmap for offering employee wellness programs that pass muster as “voluntary” examinations under the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act of 2008 (GINA). In response, AARP argued that the EEOC failed to adequately justify the new rules and abused its regulatory power by reversing course on its long-standing position against wellness programs.
Jennifer Geetter and Dale Van Demark wrote this bylined article on how companies must manage and govern their use of digital healthcare information assets. “Organizations will need to design and implement digital governance structures that … include additional components and organizational stakeholders, in order to meet the business and strategic demands of the digital health revolution,” the authors wrote.
In the presentation “Highlights of Record Retention Requirements Applicable to Employee Benefit Plans,” Todd A. Solomon detailed the general rules of The Employee Retirement Income Security Act of 1974 (ERISA). He discussed several specific record-keeping requirements for employee benefit plans and a number of general requirements that imply a duty to retain records, for example general fiduciary duties, plan distribution requirements, COBRA requirements and qualified medical child support requirements.