Friday, March 26, 2010

DEA Interim Final Rule on Electronic Prescribing of Controlled Substances

On March 24, 2010, the Drug Enforcement Administration (DEA) released the Interim Final Rule with Request for Comments on Electronic Prescribing of Controlled Substances.

The Interim Final Rule outlines the procedures for health care providers to electronically prescribe controlled substances. The DEA has revised its regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically and permit pharmacies to receive, dispense and archive these electronic prescriptions.

The Interim Final Rule will be officially published in the Federal Register on Wednesday, March 31, 2010 and will include a 60 day comment period.

Tuesday, March 23, 2010

AHLA Teleconference: The Intersection of Social Media and Human Subjects Research

On May 4, 2010, I will be participating in a teleconference on The Intersection of Social Media and Human Subjects Research. The teleconference is co-sponsored by the American Health Lawyers Association Health Information Technology, Life Sciences and Teaching Hospitals and Academic Medical Centers Practice Groups.

The moderator for the teleconference will be Karl A. Thallner, Jr., Esquire, Partner, Reed Smith LLP, in Philadelphia, PA. The other panel presenters will be:
Naomi Halpern, Esquire
Frommer Lawrence & Haug, Washington, DC

Laura Odwazny, Esquire
Senior Attorney, Public Health Division
Office for Human Research Protections
Office of the General Counsel
U.S. Department of Health and Human Services, Rockville, MD
More information, including a description of the program and how to register, is available through the AHLA website.

Thursday, March 18, 2010

OCR Update on Issuance of HIPAA HITECH Rulemaking

Update from Office for Civil Rights (OCR) on issuance of the Notice of Proposed Rulemaking (NPRM) implementing changes to HIPAA under the Health Information Technology for Economic and Clinical Health Act (HITECH). Health care organizations and health lawyers have been anxiously awaiting rules implementing and interpreting the changes because the effective date for many of the HITECH requirements was February 17, 2010. Of particular interest has been whether or not health care organizations are required to amend business associate agreement.

The notice seems to indicate that the the date for compliance and enforcement may be delayed since it states that the NPRM "will provide specific information regarding the expected date of compliance and enforcement." However, covered entities and business associates need to weigh the risks of not complying with the new requirements while waiting for further clarification from OCR.

The notice states:
OCR will implement important privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act through notice and comment rulemaking, as required by the Administrative Procedure Act. These provisions include: business associate liability; new limitations on the sale of protected health information, marketing, and fundraising communications; and stronger individual rights to access electronic medical records and restrict the disclosure of certain information. OCR continues work on a Notice of Proposed Rulemaking (NPRM) regarding these provisions. Although the effective date (February 17, 2010) for many of these HITECH Act provisions has passed, the NPRM and the final rule that follows will provide specific information regarding the expected date of compliance and enforcement of these new requirements.

However, interim final rules implementing HITECH Act provisions in two areas have already been issued and are currently in effect: enforcement and breach notification. New civil money penalty amounts apply to HIPAA Privacy and Security Rule violations occurring after February 17, 2009. Covered entities and business associates must comply now with breach notification obligations for breaches that are discovered on or after September 23, 2009. OCR announced previously that it would use its enforcement discretion not to impose fiscal sanctions with regard to breaches discovered before February 22, 2010. Since that date has passed, OCR will enforce the Breach Notification Interim Final Rule, including with the possible imposition of sanctions, as it does with the HIPAA Privacy and Security Rule requirements.

Tuesday, March 16, 2010

West Virginia State Bar Issues Advisory Opinion 10-001 Clarifying Rule 8 Pro Hac Vice Admission

Today the West Virginia State Bar announced that the West Virginia State Bar's Unlawful Practice of Law Committee has released Advisory Opinion 10-001, relating to questions from attorneys regarding its interpretation of Rule 8 of the West Virginia Rules of Admission to the Practice of Law, relating to admissions pro hac vice.

Advisory Opinion 10-001 addresses the following issues:

1. Whether the requirement in Rule 8 of of admission pro hac vice extends to matters in which no action, suit or proceeding is pending;

2. To what extent is the responsible local attorney required to participate in proceedings involving the attorney admitted pro hac vice;

3. Whether presiding judicial officers can "excuse" local counsel form participation or "waive" the requirement of participating; and

4. What limitations exist for attorneys seeking to be admitted pro hac vice, particularly their ability to be admitted on a frequent basis, or in multiple or consolidated actions.

Wednesday, March 10, 2010

AHLA Connections: Legal Implications of Health Care Social Media

The current issue of the American Health Lawyers Association's Connections magazine features an article I co-authored with fellow AHLA health lawyer, Jody Joiner, on the impact of social media use in health care.

The article, Risky Business: Treating Tweeting the Symptoms of Social Media (PDF version), is featured in the March 2010 issue of AHLA Connections (Vol.14, No. 3, March 2010), a health lawyer magazine for the health and life sciences law community.

We provide background context on the use of social media tools by health care providers, address why we think health lawyers need to understand social media, and explore some of the legal implications as social media and the law intersect. The article ends with practical guidance to health care providers and organizations on implementing policies emphasizing the appropriate use of social media.

You can peruse the complete digital edition of the March 2010 AHLA Connections (Vol. 14, No. 3, March 2010). AHLA members should also check out the article in this issue on the recently launch Health Law Wiki. Great to see AHLA adding a wiki resource for members to share their expertise and experience in the complex and ever changing health care legal and regulatory world.

Special thanks to the AHLA Connections staff for allowing Jody and I the opportunity to write the article and for their great editorial assistance.

Friday, March 05, 2010

Lesson for Hospitals and Health Care Providers: Photos of Shark Bite Victim

Martin Memorial too mum: Hospital staff violated privacy of shark victim, an article from the Palm Beach Post. The article highlights the impact ubiquitous mobile devices with cameras are having on our society and the potential liability risks associated with the use/misuse of these devices by health care employees.

The article indicates that various hospital employees took photos of a shark bite victim when he arrived in the emergency room. The article discusses the action taken by the hospital in response to the incident. Another article indicates that the photos were emailed to others.

This type of situation is a nightmare for hospital administration, the privacy officer and legal counsel. The effort and investigation that likely went into figuring out who took photos, where those photos went and the procedure for recapturing/removing the photos from the various sources was time consuming and expensive (both in $$ and reputation) for the hospital.

As such, this incident provides a good example for training and reeducating health care employees on patient privacy issues. Health care employees and professionals must always remember to start from a framework of protecting the health and privacy of their patients. As the use of mobile devices with cameras and social media tools becomes more ingrained in our every day lives -- the ability for private information to be captured, transferred and spread in a viral fashion has become much easier. Caution must be used and this case highlights the importance of retraining staff and highlighting the importance of protecting your patient's privacy.

Monday, March 01, 2010


A warm welcome to fellow AHLA member and health law blogger, Kathie McDonald-McClure.

I just ran across her blog, HITECH Law Blog. She focuses the blog on health information technology, privacy and security and the blog was named after the HITECH Act. Looks like a great addition to the health law blogosphere.

Ms. McDonald-McClure is a member of the Health Care Services Team at Wyatt Tarrant & Combs, LLP in Louisville, KY.