Kristen Rosati Reviews a Year of Health Law Updates for AHLA’s Annual Meeting

Kristen Rosati Publishes Article on Strategies for Complying with Revised NIH Policies in Harvard Data Science Review

The National Institute of Health’s (NIH) revised Data Management and Sharing Policy requires a data sharing plan for all NIH-funded research, triggering compliance challenges amid quickly evolving federal, state, and international privacy standards.  In a special issue of Harvard Data Science Review, Kristen Rosati published an article on adopting strategies for long-term compliance in light of changing laws. In her article, Kristen recommended strategic, long-term data sharing solutions, including using HIPAA’s expert determination method to de-identify data to minimize potential future disconnects in data de-identification standards. Additionally, in light of concerns about whether de-identification of data is sufficient protection of privacy, and in the absence of a federal law prohibiting the re-identification of individuals in de-identified data sets, she recommends utilizing contractual controls on the use...

Read MoreRead More

Kristen Rosati Outlines Next Steps for Data Privacy Amid Roe v. Wade Reversal in STAT News

In the wake of the Supreme Court’s decision to overturn Roe v. Wade, many women now fear their confidential health records could be used to prosecute them for seeking an abortion in states where it is illegal. Kristen Rosati educated STAT News readers on how both businesses and individuals can protect medical privacy despite HIPAA’s outdated data policies. Kristen explained that HIPAA doesn’t cover many technologies that have emerged since its creation 26 years ago, including devices, apps and online searches that collect sensitive information. HIPAA also does not protect this data from being disclosed to law enforcement. Much of the responsibility to protect women from prosecution, then, will fall on individual companies. For example, she noted, apps could allow users to immediately delete their data,...

Read MoreRead More

Scott Bennett Educates Healthcare Risk Management Readers on Importance of Timely Access Request Responses for HIPAA Compliance

Following the Office for Civil Rights’ (OCR) report to Congress that revealed a 61% increase in HIPAA breaches affecting more than 500 people in 2020, Healthcare Risk Management turned to Scott Bennett for specific actions healthcare organizations should take to avoid complaints surrounding patient access and disclosure requests. Scott encouraged healthcare providers to continuously educate their personnel on the unique requirements and differences between the two types of requests and suggested supplying them with actionable guidance documents to use between trainings. Ensuring every access request is logged and receives a response within 30 days, as HIPAA mandates, will prevent OCR enforcement actions. Scott also recommended healthcare entities conduct a wide-scale security assessment that extends to every piece of hardware and software that touches electronic PHI. A leading...

Read MoreRead More
Erin Dunlap Provides Insight on Overturned HIPAA Penalty for Healthcare Risk Management

Erin Dunlap Discusses Recognized Security Practices for Complying with HIPAA Safe Harbor Law in Healthcare Risk Management

Although the 2021 HR 7898 HIPAA Safe Harbor law grants entities some protection against hefty HIPAA penalties, there are security nuances that risk managers and compliance officers must consider. Erin Dunlap provided Healthcare Risk Management with insight into how organizations can leverage security and risk management practices to reduce penalties from HIPAA-related investigations. HIPAA-covered entities have some flexibility in determining their recognized security practices, but Erin recommended they consider the NIST framework and HHS cybersecurity guidance for healthcare entities. Organizations that can show compliance with these industry-recognized standards and approaches in the previous 12 months may see a favorable termination of an investigation or may be granted leniency toward fines and penalties by the U.S. Department of Health and Human Services, Office for Civil Rights. With a...

Read MoreRead More
Kristen Rosati Reviews a Year of Health Law Updates for AHLA’s Annual Meeting

Kristen Rosati Recaps a Turbulent Year in Healthcare at the American Health Law Association Academic Medical Centers and Physicians-Hospitals Institutes

After more than two years of pandemic challenges and a string of new legal developments, Kristen Rosati reviewed the years’ challenges at the American Health Law Association (AHLA) Academic Medical Centers and Teaching Hospitals Institute and the AHLA Physicians and Hospitals Law Institute. Rosati educated legal counsel, compliance officers, and government representatives about health care reform efforts, vaccine mandates and COVID-related legislation and funding, HIPAA and other health information privacy and security developments, and hot news in clinical research and the life sciences industry. As one of the nation’s leading “Big Data” and HIPAA compliance attorneys, Kristen has extensive experience in data sharing and health information exchange, among other areas. Kristen is a Past President of AHLA and is sought-after speaker on these issues....

Read MoreRead More
Scott Bennett Informs Healthcare Risk Management Readers About Compensation Compliance

Scott Bennett Helps Healthcare Risk Management Readers Get Ahead of Cyberattacks

After the White House issued a memo warning healthcare organizations about the threat of cyberattacks, Healthcare Risk Management turned to Scott Bennett to explain how companies can prevent an attack that blocks them from providing core critical care functions. Scott warned that ransomware can be dangerous, especially if it causes a company to lose data about patient’s medical history or allergy data that is stored electronically. Scott suggested healthcare entities get ahead of the issue to ensure they aren’t first considering protections in the middle of a ransomware attack. A leading attorney representing hospitals and healthcare providers, Scott brings extensive knowledge related to data privacy and security, particularly when it comes to HIPAA and protecting sensitive healthcare information. He helps his clients comply with the complex web...

Read MoreRead More