Health Law Advisor

Too often, companies try to re-invent the wheel.  This is especially true in the telehealth sector where new models of care are constantly being tried and tested.  Fortunately for U.S. hospitals, health systems, and companies, however, we have great examples of telehealth models from around the world that have built successful business models in telehealth.

Take the example of Calydial, a company based in Lyon, France, that specializes in remote dialysis. Launched in 2006, Calydial started with 25 patients with renal impairment who needed remote treatment and monitoring. Today ...

The recent discovery of a security flaw that allows Skype accounts to essentially be hijacked has again raised the issue of the security of web-based platforms—and whether providers can meet their HIPAA obligations when using these communication tools.  The issue of Skype and similar platforms and HIPAA compliance is one that I am often asked about.  In a previous post, I addressed the issue and concluded that providers who wish to use Skype or similar platforms proceed with great caution.  I noted that the use of web-based platforms, especially those that are proprietary, may make it ...

By Ross K. Friedberg and Ophir Stemmer

This year we’ve seen a continuation of the trend toward heightened regulation and enforcement of the privacy and security requirements under the Health Information Portability andAccountability Act (“HIPAA”) and under other state and federal health privacy laws. Although there have not been any significant changes to federal health privacy laws this year, federal enforcement activity continues to be strong.

This post provides a summary of the developments in privacy and security law throughout the past year; discusses the ...

With a new era of active enforcement of the HIPAA privacy and security laws upon us, companies need to figure out early-on whether they are regulated under HIPAA, either as covered entities or business associates.  However, determining whether a company is subject to the HIPAA privacy and security requirements is not always straightforward, especially for companies in the health technology space.  There are two ways in which a company can become subject to HIPAA: (1) it functions as a health plan, health care provider or health care clearinghouse which could potentially make it a HIPAA ...

by Katherine R. Lofft

There are myriad opportunities right now for new businesses and talented entrepreneurs targeting healthcare, particularly in the IT sector.  It’s an exciting time for people and companies looking to harness the promise of innovation and the power of technology to improve health care delivery, empower patients and lower costs.

However, even the best ideas usually require money to get off the ground.  Sometimes they require more capital than the founders or management, or their family and friends, have available. While there are many individuals and ...

Mobile application (“app”) development is the new boon for technology companies of all sizes, and the phrase “There’s an app for that” tells the story of just how much this market has grown and matured.  Most of the early app development focused on low risk opportunities—those involving free or low-cost social media or gaming apps.  While protecting privacy and security of personally-identifiable information is generally important, privacy and security concerns typically do not rank as high priorities in decision-making when developing these types of apps.

By ...

Imagine there are two hospitals (or two physician groups). One is highly specialized and has developed a telemedicine program for treating stroke patients; the other is a community hospital or physician practice that would like to take part in this telemedicine program but does not want to pay for the technology needed to virtually connect with the program’s specialists. Can the telemedicine provider buy this technology for the receiving hospital or physician group, or rent it out at a deep discount, without violating the law?

This turns out to be a hard question. Under federal law ...

The following may surprise some: FDA approval or clearance is never enough. Not if manufacturers want a commercially successful product. There is no doubt that addressing FDA issues is critical. But without data to show effectiveness, payers will not reimburse a particular product or technology—and even the most promising product will languish in the market without the appropriate coverage and reimbursement.

The use of remote monitoring devices has increased significantly over the last few years. I think it is fair to say that many manufacturers of these devices worry ...

I’m sure most of you know about BYOB, but do you know about BYOD (Bring Your Own Device).  This is the term used when a company chooses to forgo issuing company-owned mobile computing devices (think smartphones and tablets), and encourages its employees to use their own personal mobile devices for business purposes.  And in the healthcare context, BYOD has important implications.

For better or for worse, many companies have opted to institute a BYOD policy for a number of reasons.  Here are just a few rationales for BYOD:

• Employees likely already have a smartphone or tablet or both.

Epstein Becker Green has been designated by the Health Information Trust Alliance (HITRUST) as a Common Security Framework (CSF) Assessor. This will allow the firm to provide health care organizations with privacy and security risk assessments to protect the entities from breaches of protected health information (PHI). The health care industry has accepted the HITRUST CSF as the most widely adopted security framework. Epstein Becker Green is the first law firm to become a CSF Assessor and the designation exemplifies the firm's distinct capability to identify and address risk for ...

Perhaps in recognition of its benefits to areas affected by shortfalls in specialists and primary care physicians or the need for remote monitoring, telemedicine received significant funding in the ARRA. For instance, the Rural Utilities Service was allocated $2.5 billion to fund “shovel-ready” distance learning, telemedicine, and broadband program; the Indian Health Services received $85 million to fund telemedicine; and a portion of the $2 billion allocated to the Office of the National Coordinator is to be used to support the “infrastructure and tools for the ...