Chair's Column
By David W. Hilgers, Brown McCarroll, L.L.P., Austin, TX

My final Chair’s Column should be one waxing eloquently about the highlights of this year. Unfortunately, or fortunately for you, my final column is going to be more about inside baseball of the ABA than visionary. Because of the efforts that the Section is making to communicate with policymakers in D.C. and elsewhere, several people have raised the question as to what positions the ABA Health Law Section is authorized to take in those communications. In light of those questions, I thought it useful at this point in healthcare reform to outline the limits on the Health Law Section regarding the espousal of any particular position with government policymakers.

MORE

Casting a Vastly Expanded Regulatory Net: Implications of the New Definition of Business Associates under HITECH
By John R. Christiansen, Christiansen IT Law, Seattle, WA, and
Amy K. Fehn, Wachler & Associates, P.C., Royal Oak, MI

On July 14 the U.S. Department of Health and Human Services published a Notice of Proposed Rule Making for proposed regulations modifying the HIPAA privacy, security and enforcement rules (“NPRM”). Probably the most important single change to the HIPAA rules proposed in the NPRM is the expansion of Business Associate status to every entity which touches PHI, except on a “random and infrequent” basis, to perform a function or activity directly or indirectly “with respect to” a Covered Entity. This expanded status follows logically from HITECH’s expansion of jurisdiction to regulate PHI privacy and security to Business Associates, but is likely to come as a shock to many previously unregulated entities.

MORE

Proposed Rule Addressing Security Rule Compliance by Business Associates and Subcontractors
By Suzanne D. Nolan, Esq., Frank, Haron, Weiner and Navarro PL C, Troy, MI

The proposed rule set forth in the Notice of Proposed Rulemaking released by the U.S. Department of Health & Human Services (HHS) applies Security Rule provisions directly to business associates, a term which has been expanded to include subcontractors who create or use protected health information (PHI) while performing services for a business associate. The proposed rule implements the provisions of the Health Information Technology for Clinical Health (HITECH) Act that require business associates to directly comply with the Security Rule.

MORE

Practical Considerations: Business Associate Agreements Under The Proposed HITECH Rules
By Mark S. Hedberg, Esquire, Hunton & Williams LLP, Richmond, VA

On July 14, 2010, the Office for Civil Rights (“OCR”) of the Department of Health and Human Services published a Notice of Proposed Rulemaking (the “Proposed Rule”) to (a) implement the health information privacy and security related amendments of the HITECH Act and (b) make certain other modifications to the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) and the Security Standards for the Protection of Electronic Protected Health Information (the “Security Rule”). Several aspects of the Proposed Rule are addressed in this edition of eSource; this article provides practical advice regarding implementation of its business associate (“BA”) agreement provisions.

MORE

How to Play – Commentary on the HIPAA Security Standards: Guidance on Risk Analysis
By Jan D. Gibson, JD, CPCU, ARe, Baudino Law Group, PLC , Des Moines, IA

The Office for Civil Rights (OCR) is responsible for issuing annual guidance to organizations under the HIPAA Security Rule, including, most recently, the administrative, physical and technical safeguarding of electronic protected health information (e-PHI). On May 7, 2010, the OCR released its draft guidance on risk analysis (Guidance) which will be updated following implementation of the final HITECH regulations. If you have played the strategic board game Risk®, then you will appreciate the OCR’s Guidance. If you have not played the game of Risk®, then this article is for you.

MORE

Did you know membership in an interest group is FREE with your Health Law Section membership?

Did you know your membership in the ABA Health Law Section qualifies you for free membership in up to three interest groups of your choice? Interest groups, which are comprised of twelve practices areas within health law, make significant contributions to the Section's programming, publications and legislative initiatives. The interest groups also provide an excellent opportunity for you to interact with and have access to some of the most outstanding lawyers in the legal community. You can enroll on our webpage by clicking here. If you have any questions or need more information, please contact Simeon Carson at Simeon.Carson@americanbar.org.

eHealth, Privacy & Security Interest Group

The eHealth, Privacy & Security Interest Group focuses on cutting edge issues dealing with technology and privacy as they relate to healthcare. Substantive topics of interest to committee members include health information privacy and security, electronic communications, electronic transactions and telehealth. The Interest Group will seek to encourage discussion and debate on emerging legal issues in these areas.

The IG is led by Chair W. Andrew H. Gantt III, Latham & Watkins LLP, Washington, DC and Vice-Chairs John R. Christiansen, Christiansen IT Law, Seattle, WA; Deborah C. Hiser, Brown McCarroll LLP, Austin, TX; R. Harold McCard, Jr., Community Health Systems, Franklin, TN and Brad M. Rostolsky, Reed Smith LLP, Philadelphia, PA.

If you would like to join the Interest Group, continue by clicking the following link: Health Law Section IG Sign-up Form.

ABA eSource Editorial Board

The ABA Health eSource Editorial Board is led by Chair Lisa Genecov, Locke Lord Bissell and Liddell LLP, Dallas, TX and editorial board members Michael E. Clark, Duane Morris LLP, Houston, TX; Adrienne Dresevic, The Health Law Partners, PC, Southfield, MI; Marla Durben Hirsch, Potomac, MD and Conrad Meyer, Chaffe McCall, LLP, New Orleans, LA.