Category Archives: Physician

DOCTORS AND THE SURROGATE MOTHER

How should physicians deal with contractually arranged pregnancies?
Physicians, particularly obstetricians, dealing with surrogate pregnancies have unique legal and practical issues to face when dealing with the contractual obligations of the surrogate mother.

Physicians are not lawyers and shouldn’t pretend to help the parties with the surrogate contract issues. However, they can help the parties understand the medical issues such contracts create.

Treat Surrogate Mother and the Fetus

According to the recommendations of a 2008 American Congress of Obstetricians and Gynecologists (ACOG) committee opinion, a medical professional’s obligation is to care from the pregnant woman and the fetus.

“While caring for a surrogate mother it is the professional obligation of the obstetrician to support the well-being of the pregnant woman and her fetus, to support the pregnant woman’s goal for the pregnancy, and to provide appropriate care regardless of the patient’s plan to keep or relinquish the child. The obstetrician must make recommendations that are in the best interests of the pregnant woman and her fetus, regardless of prior agreements between her and the intended parents.”

This contrasts sharply with  California law since 1993 when the California Supreme Court approved surrogacy agreements for gestational surrogacy (Johnson v. Calvert). The court ruled that as between the genetic relationship of the woman who donated the egg, and the relationship of the surrogate, “she who intended to procreate the child-that is, she who intended to bring about the birth of a child that she intended to raise as her own-is the natural mother under California law.”

The parties who hired the surrogate should be the parents. By making this ruling, the Court signaled it’s intent to look at the intent of the parties to determine who was the parent.

How does the healthcare system respond to conflicts between the birth mom and the contracting parents? The ACOG Opinion requires the physician to support the goals of the pregnancy of the birth mother. The California Supreme Court (later codified), gives the mantel of parenthood to the parties who hired the surrogate. How does the doctor decide when the parties disagree?

California Case Demonstrates the Issues.

One California case demonstrates some of the issues (CM v. MC.) In the case, a 50-year old male postal worker who lived with his mother wanted a male child. Though a surrogacy agency, he contracted with a 47-year old women to carry his surrogate baby. The intended father and the surrogate mother never met. Through the broker, a 75-page agreement was signed. The agreement provided that the mother would receive $27,000, with a $6,000 bonus in the case of multiple pregnancies, that the woman would become impregnated by implantation of donor eggs fertilized by the postal worker’s sperm, and that the intended father would pay medical bills and insurance for the surrogate during the pregnancy. The agreement further provided that the intended father wanted a male child and that in the event of a multiple pregnancy, the intended father had the right to require “selective reduction” of the pregnancy.

The surrogate mother became impregnated by implantation, resulting in a pregnancy of three males. The surrogate mother either did not read or did not understand the agreement she signed. The agreement allowed the intended father to make a decision about selective reduction if there was a multiple pregnancy. The surrogate mother, however, did not believe in abortion. When the father instructed that she reduce the pregnancy, because he was running out of money and could not handle triplets, the surrogate mother refused. Litigation resulted. The end result was that the triplets were born and the intended father got custody.

Guidelines for Treating Surrogate Mothers

The following is a list of guidelines for caring for surrogate mothers.

First a warning: there is little legal guidance for many of these guidelines and there has been too little discussion about the legal obligations of the physician in these situations.
Get a copy of the Surrogacy Contract.

The purpose of obtaining this agreement is not to give legal advice or to make decisions based upon the agreement. Rather, knowledge of the agreement can give the obstetrician important information about the medical choices made by the parties. Some of them include:

a. HIPAA Waiver. Surrogate contracts usually give the intended parents the right to information about the pregnancy. This should be reviewed by compliance professionals. If it’s not sufficient, the practices’ HIPAA waiver should be offered to the surrogate so that the intended parents can receive information and possibly attend in office appointments.

b. Surrogate Mother’s Behavior During the Pregnancy. Standard contracts provide for behavior of the surrogate mother during the pregnancy, including diet, abstention from tobacco, achohol, drugs, etc., the utilization of vitamins, exercise, and frequency of visits to the physician. Agreements may even require treatment of the child before birth, like reading to the child, or music, or birth methods, etc.

c. Decision Points During the Pregnancy. The physician can take note of the obligations of the surrogate to make certain decisions, such as DNA testing, or selective reduction as described in the case above.

Note that there is some risk in obtaining the Surrogacy Contract:  By having knowledge of the terms of the agreement, a slighted party may try to sue the physician for a tort called “interference with contract.”  This would be an allegation that the physician intentionally attempted to get the surrogate to breach the contract.  There is no known case in the country for this cause of action at this time.

Follow The Instructions of the Surrogate Mother.

As the pregnancy unfolds, the ideal situation would be when the surrogate mother and the intended parents visit the physicians’ offices together, and they make joint decisions as the pregnancy proceeds. However, if there should be conflict, or if the physician is faced with a situation where the surrogate mother is not following the surrogacy contract, the physician should follow instructions of the surrogate mother unless and until the surrogate parents obtain a court order. The physician should stay out of any legal dispute.

Inform Intended Parents.

As long as the surrogate mother has allowed the intended parents access to medical information, and as long as such waiver of privacy is not terminated by the surrogate mother, the physician should share information about the pregnancy with the intended parents. If such privacy waiver is revoked, the physician should inform the intended parents of such revocation, and stop sharing information without a court order.

 Absentee Intended Parents.

Often, the intended parents are absent until the birth. In such cases, the physician should only follow the surrogates instructions during the pregnancy.
 After Birth Issues.

Generally, surrogate contracts allow intended parents to go into court and get an order of custody at the time of birth. If such an order exists, the intended parents would usually have the right to make all decisions regarding children born to surrogate parents. Without such order, the surrogate mother’s instructions should be followed.

This article is meant as guidelines in an area of law that has no real guidelines. Suggestions or different experiences are welcomed.

By Matt Kinley, Esq.  Founder of Kinley Law Practice.

Matt Kinley speaks to Obstetricians About Surrogacy Law

Matt Kinley, founder Kinley Law Practice, and Health Care attorney,  speaks to obstetricians about surrogacy law.

Informing physicians about dealing with surrogacy laws, attorney Kinley has developed a program to help obstetricians and other physicians to respond to concerns of surrogate parents and intended parents involved in surrogate contracts to deliver babies.

THE REQUIREMENTS FOR A VALID SURROGACY PARENTAGE CONTRACT IN CALIFORNIA

This is a two part series for physicians on some of the issues that arise with the medical treatment of surrogate mothers.  This first article deals with the surrogacy contract. 

California Family Code Section 7962 provides:

“The surrogate, her spouse, or partner is not a parent of, and has no parental rights or duties with respect to, the child or children.”

Adding an additional layer to the twenty-first century notion of the family, several children are born not from their mother, but from a third party surrogate. In California, couples seeking children with some genetic connection may use these contracts to pay a surrogate mother to carry the baby through pregnancy.

What is required for a legal contract? The California Supreme Court, in the 1993 decision of Johnson v. Calvert, held that such arrangements are permissible and that the intended mother — and not the surrogate — should be deemed a child’s mother. As of January 1, 2013, California law (AB1217) added to the Family Code the Uniform Parentage Act, cited as Family Code section 7962, which codified California’s acceptance of such contracts.

Physicians, particularly obstetricians, dealing with surrogacy pregnancies have unique legal and practical issues to face when dealing with the relationships between the intended parents and the gestational mother. These relationships are governed by a contract which is defined by the Uniform Parentage Act. Presenting a valid surrogacy agreement to the court rebuts any presumptions that the surrogate and her spouse are the legal parents of the child or children.

For a surrogacy contract to be valid under the statute, the contract must have the following information:

1. The date the contract was executed;

 
2. The names of the persons from which the gametes [ova and sperm] originated, unless anonymously donated;

3. The name(s) of the intended parent(s); and

4. A disclosure of how the medical expenses of the surrogate and the pregnancy will be handled, including a review of applicable health insurance coverage and what liabilities, if any, that may fall on the surrogate.

Additional requirements are that the agreement must be entered into before any embryo transfer begins; both the intended parent(s) and the surrogate must be represented by separate, independent counsel before executing the agreement; and the agreement must be signed and notarized.

The statute also establishes that, upon proof of a valid surrogacy agreement, the court will terminate the parental rights of the surrogate and her spouse “without further hearing or evidence, unless the court or a party to the assisted reproduction agreement for gestational carriers has a good faith, reasonable belief” that the agreement or accompanying attorney declarations were not executed in accordance with § 7962.  Surrogacy contracts will be deemed “presumptively valid” and cannot be rescinded or revoked without a court order.

The statute places no conditions on who can serve as a surrogate (beyond requiring that she not be genetically related to the fetuses) or who may solicit the services of a gestational carrier. No minimum levels of income, intelligence, age, or ability are required for either the surrogate or the intended parent(s).) The statute does not require that the intended parents shoulder all costs associated with surrogacy, and only states that the financial accommodations necessary for the arrangement are to be detailed in the surrogacy contract.

Note that these principles do not apply to “traditional surrogacy.” In a traditional surrogacy, the woman carrying the child is also the genetic mother – as a general rule, she conceives through artificial insemination with the intended father’s sperm, but using her own egg.  The law on traditional surrogacy in California remains very unclear, and it is possible that the “traditional surrogate” will be the legal mother and that one or both of the intended parents will end up having to adopt the child.

This is demonstrated in the case of In re Marriage of Moschetta (1994) 25 Cal.App.4th 1218. In that case, Robert Moschetta and Cynthia Moschetta wanted to have a child.  Cynthia was sterile.  Elvira Jordan agreed to be inseminated with Robert’s sperm, and to carry the baby to term for them.  Pursuant to the agreement, Elvira was to allow Robert sole custody, and was to consent to adoption of the child by Cynthia.  However, when the Moschettas broke up during her pregnancy, Elvira decided to keep the baby, although when the couple reconciled she relented and allowed the baby to go home with them.  Seven months later, the Moschetta’s broke up for good.  Cynthia petitioned the court, arguing that Cynthia was the baby’s legal mother, not Elvira, based on the terms of the surrogacy contract and the fact that the baby had lived with Cynthia for most of its short life.  In this case, the court held the Johnson v. Calvert did not apply, since Elvira was both the genetic and the gestational mother.  Enforcing a prebirth contract to give up one’s baby would go against the public policies relating to parentage and adoption.  Legally, Elvira was the mother and Robert was the father.

Finally, additional to as what is required, the agreement should deal with issues such as an agreement as to how the gestational mother will care for herself during the pregnancy, issues related to how the a pregnancy with multiple embryos will be dealt with, genetic testing and consequences as to deal with negative genetic tests, the sex of the child, and the surrogate mother’s conduct after birth.

By Matt Kinley, Esq., founder Kinley Law Practice.

 

WHAT ABOUT A MANAGEMENT SERVICES ORGANIZATION?

AVOIDING THE PROHIBITION AGAINST NON-PHYSICIAN OWNERSHIP OF MEDICAL ORGANIZATIONS

A management services organization (“MSO”) is an entity which would contract with a physician or a medical corporation owned and operated by physicians. The MSO could be owned by non-physicians.  The physician or medical corporation can pay the MSO for everything. Employees would work for the MSO; the MSO would pay for the lease.  The MSO would pay for all significant expenses and receive a fee for its services.

The Corporate Practice Medicine Doctrine (CPOM) is strong in California. Under this doctrine, physicians must control clinical decisions. The concern is that if business entities owned by non-physicians are permitted to control the rendering of care, they will subordinate clinical care to commercial considerations and profits. The objective, therefore, is to prevent non-physicians and non-physician-owned business entities from influencing treatment decisions.

This presents a significant constraint to physician business ventures. Specifically, if physicians or other clinical personnel work for entities other than professional medical corporations, they may be exposed to disciplinary risks, as well as to forfeiture of revenues.. For non-physician business partners, violating the CPOM may also bring both civil and, in extreme cases, potential criminal liability for engaging in medical practice without a license.

MSO

In California, the solution for avoiding violations of the CPOM in business ventures in which physicians work with businesses owned by unlicensed persons is a contractual relationship between the physician entity and the unlicensed business entity, or a “management services organization (MSO).” This is a business vehicle that permits unlicensed persons to provide services to physicians and their professional medical corporations. In its simplest form, an MSO provides basic practice support services to physicians and professional medical corporations via a contractual relationship, commonly known as a management services agreement. These services frequently include activities such as billing and collection, administrative support in certain areas, and electronic data interchange (e.g. electronic billing). Some MSO’s provide a broader set of services: the MSO may purchase many of the assets in a medical practice, such as office space or equipment. MSO’s can employ office support staff, and assist with a wide range of non-clinical functions. MSO’s can also assist in functions such as marketing. Often, MSO’s can reduce costs by bringing economies of scale and professional management experience into physician practices, thereby improving operational efficiency and reducing overhead costs.

the MSO must be carefully considered and constructed.  Review and application of relevant laws and regulations is a must.

By Matt Kinley, Esq. of the Kinley Law Practice

IS YOUR HEALTHCARE COMPLIANCE PROGRAM COMPLIANT?

HEALTHCARE COMPLIANCE

10 RED FLAGS

Under current law, physicians are required to maintain an effective, comprehensive compliance program to detect, correct and prevent incidences of non-compliance with state and federal regulatory law.  Goals of a comprehensive compliance program is to prevent the significant criminal and civil penalties that might come with a violation of the False Claims Act, Stark, the Anti-Kickback Statutes, HIPAA and state law equivalents. Failure to comply might lead to exclusion from health payments. Here is a summary of the core components of a complete compliance plan:

#1  MISSING OR INCOMPLETE WRITTTEN POLICIES, PROCEDURES AND STANDARDS OF CONDUCT

#2  PEOPLE:   NO COMPLIANCE OFFICER OR COMPLIANCE COMMITTEE

#3  TRAINING:  THE FACILITY LACKS EFFECTIVE TRAINING AND EDUCATION

#4.  COMMUNICATION:  THE FACILITY LACKS

#5.  PERSONEL:  FAILURE TO PUBLISH DISCIPLINARY STANDARDS & TO EFFECTIVELY DISCIPLINE VIOLATORS

#6.  NO SYSTEM TO AUDIT AND MONITOR ORGANIZATION COMPLIANCE AND COMPLIANCE RISKS

 #7  FAILURE TO CREATE PROCEDURES TO PROMPTLY RESPOND TO IDENTIFIED ISSUES AND SELF DISCLOSURE OBLIGATIONS

#8.  LACK OF SUPPORT FROM PHYSICIANS AND LEADERSHIP OF THE ORGANIZATION

#9.  FAILURE TO INSTITUTE PRIVATE HEALTH INFORMATION POLICIES

#10. FAILURE TO MONITOR NEW LAW AND UPDATE COMPLIANCE ACCORDINGLY

By Matt Kinley,Esq., LLM, CHC

562.715.5557

             

 

                

 

 

 

Sterilize Your Potential Liability

Is your business compliant with OSHA’s Bloodborne Pathogens Standard?

If you operate a business with employees that are exposed to blood or other potentially infectious materials (OPIM), your business is subject to OSHA’s Bloodborne Pathogens Standard (BPS) under the Code of Federal Regulations. In spite of its attempt to simplify these requirements on its online fact sheet, OSHA imposes a minefield of regulations for small to midsize businesses to navigate. This post provides a brief overview of the Bloodborne Pathogens Standard and what it means to your business.

Have an Updated Plan

All good businesses have a plan right? Well, OSHA adds to your plans by requiring an “exposure control plan.” 29 C.F.R. 1910.1030 (c)(1). Under this plan, employers must create a catalogue that classifies the employee positions in the company by the level of blood and OPIM exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(A). Also, this plan must detail the tasks and procedures performed by each classification of employee that causes their exposure. 29 C.F.R. 1910.1030 (c)(2)(i)(C).

The Bloodborne Pathogens Standard not only requires the employer to have an exposure control plan but also requires that it be updated annually “to reflect changes in tasks, procedures, and positions that affect occupational exposure, and also technological changes that eliminate or reduce occupational exposure.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

In order to make these updates to the satisfaction of OSHA, the employer must also document in their plan that they both considered and begun using safer medical devices to minimize occupational exposure and engage with their employees “in identifying, evaluating, and selecting effective engineering and work practice controls.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet,  And we’re just getting started.

Don’t Discriminate

It is imperative under the Bloodborne Pathogen Standard that the precautions used to prevent an exposure incident are universal. 29 C.F.R. 1910.1030 (b). As OSHA explains, this means “treating all human blood and OPIM as if known to be infectious for bloodborne pathogens.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet.

Be Well Stocked With the Right Equipment

The Bloodborne Pathogen Standard requires the examination, maintenance, and routine replacement of “engineering controls.” 29 C.F.R. 1910.1030 (d)(2)(ii). What are engineering controls you ask? They are “controls . . . that isolate or remove the bloodborne pathogens hazard from the workplace” such as sharps disposal cleaners and self-sheathing needles among others. 29 C.F.R. 1910.1030 (b). In other words, take the garbage out on a regular basis. Employers must also provide appropriate personal protective equipment (PPEs) for employees with occupational exposure such as “gloves, gowns, laboratory coats, face shields or masks and eye protection, and mouthpieces, resuscitation bags, pocket masks, or other ventilation devices.” 29 C.F.R. 1910.1030 (d)(3)(i). These PPEs must be provided by the employer at no cost to its employees. Id.

Take Preventative and Remedial Measures

Hepatitis B vaccinations must be made available to all employees with occupational exposure after they have received training and within 10 working days of their initial assignment. 29 C.F.R. 1910.1030 (f)(2)(i). Should there be an exposure incident, you must “make available post-exposure evaluation and follow-up to any occupationally exposed worker who experiences an exposure incident.” OSHA, OSHA’s Bloodborne Pathogens Standard, OSHA Fact Sheet. The procedures the employer must follow after an exposure incident can become complicated with consent and health-related confidentiality issues regarding investigations of the source individual and the employee.

The requirements surrounding warning labels and signs communicating hazards are lengthy enough to warrant their own blog post. The main takeaway from the BPS requirements for labels and signs is this: Anything that comes into contact in any way with blood or OPIM must have a label or sign that warns against the dangers of exposure. As the Code of Federal Regulations states, warning labels must be affixed to “containers of regulated waste, refrigerators and freezers containing blood or other potentially infectious material; and other containers used to store, transport or ship blood or other potentially infectious materials. 29 C.F. R. 1910.1030 (g)(1)(i). There are also specific regulations relating to warning signs for all entry ways in HIV and HBV research laboratories and production facilities. See 29 C.F.R. 1910.1030 (g)(1)(ii).

This post only scratches the surface of OSHA’s Bloodborne Pathogens Standard. If you run a business that exposes its employees to blood and other potentially infectious materials, you must comply with these regulations under federal law. Operating a healthcare facility is no simple task even before considering regulations such as the Bloodborne Pathogens Standard. Protect your business and ensure you are complying with these detailed requirements.

By Matt Kinley,Esq., LLM, CHC

562.715.5557

California Physicians May Be Asked to Help with Assisted Suicide

PHYSICIANS CAN OPT OUT OF ASSISTED SUICIDE LAW

California was the most recent state to adopt the End of Life Option Act, codified at Health & Safety Code section 443. It basically allows a competent patient who has been diagnosed with a terminal illness to seek and obtain a prescription for the necessary drugs to be self administered.  The law is effective on June 9, 2016.

Aid-in-dying legislation has passed in Oregon, Washington, Vermont, and Montana.   Doctors in those states are permitted to prescribe drugs to terminal patients that they will use to end their lives.  The patients must meet certain requirements and undergo a set process to receive the medication.

California’s procedures, like the other states, seek to protect terminal patients from rash decisions or over-anxious relatives.  While patients may designate agents to make all sorts of health care decisions on the patient’s behalf, an agent is not able to request aid-in-dying drugs on behalf of a patient, and therefore these drugs cannot be requested through an advanced healthcare directive.

The  Act allows doctors, medical groups and hospitals to opt out of the law.    Most, if not all, religious hospitals are expected to reject the law.  Physicians are not required to prescribe life ending drugs to patients.  The California Medical Association dropped it’s opposition to the bill.  According to news reports, the state of California will pay for the costs of the drugs to be utilized.

According to the Act, the “aid-in-dying drug” means a “drug determined and prescribed by a physician for a qualified individual, which the qualified individual may choose to self-administer to bring about his or her death due to a terminal disease.”  The Act does not describe what the appropriate drug might be.

Health and Safety Code section 443.22 provides the physician with a checklist to be used if a patient seeks the end of life drug.  See, AttendingPhysicianChecklist

To summarize the requirements, in order for a person to seek aid-in-dying drugs, they must meet the following criteria:

  • The patient must be at least 18 years old
  • They must have capacity to make medical decisions
  • Diagnosed with a terminal illness by an attending AND consulting physician
  • The individual must voluntarily express the wish to receive the aid-in-dying drug
  • They must request the drug twice orally—such requests should be made 15 days apart
  • Must request by written request which is signed/dated and witnessed by two adults
  • Must be California resident (and provide proof of such residency)
  • Must have physical and mental ability to self-administer the drug
  • The decision must be confirmed that it is not due to coercion or undue influence
  • The attending physician must offer the qualified individual to withdraw or rescind the request

Upon filling the aid-in-dying prescription, the patient must complete a “Final Attestation for an Aid-in-Dying drug to End My Life in a Humane and Dignified Manner” form 48 hours prior to self-administering the drug.

Developments in the law should be closely monitored as it is likely that that state regulators may develop more detailed and specific standards when facing a terminal patient seeking end of life drugs.

By Matt Kinley,Esq., LLM, CHC

562.715.5557

INSURANCE COMPANIES SEEK TO DEFEAT THE SURGERY CENTERS

Various news organizations (for example, Law360) reported on Aetna’s jury verdict against Northern California surgery centers for over-billing the insurer for out-of-network procedures. The jury determined that the surgery center should pay $37.4 million in damages.  The complaint by Aetna included allegations that surgery centers waived patient co-pays and other fees, sales of shares to physicians (who received substantial ROI) in addition to the physician’s own fee for service and other “fraud.”

Other lawsuits with similar allegations are pending. United Healthcare Services has a complaint against several Bay Area ASC’s claiming the ASCs’ bills are artificially inflated, that the providers utilizes different charges for different patients (out-of-network charges being the highest), that the ASCs failed to disclose waiver of co-pays, and inappropriate incentives to physicians for referring patients to the ASC.

The insurers in these cases are attempting to utilize the courts to stop out-of-network billings, especially for ASCs.   The conduct they are complaining about is a common issue of our medical landscape.  Surgery centers are typically physician owned and tend not to have insurance with the typical plans that exist.  Physicians will often promote the ASC as providing superior service, especially compared with alternative medical centers and hospitals.  In order to encourage the patient to have procedures at a facility which does not accept their insurance, the physician and the ASCs will often assure the patient that they will seek reimbursement from the out-of-network insurance provider and that any service received will be at no cost to the patient.  Freed from in-network contracts, these facilities seek their “reasonable fees” from the insurer.

The current litigation will certainly lead to appeals and opinions by courts that will alter the legal landscape. The facts in the Aetna case appear to include evidence of communications between physicians encouraging referrals to the surgery centers, which would appear inflammatory to the jury.

 

However existing law does not appear to support the insurers claims.  For instance, the Accountable Care Act actually requires discounting co-payments for out-of-network emergencies. (“Any cost-sharing requirement expressed as a copayment or coinsurance rate imposed with respect to a participant, beneficiary, or enrollee for out-of-network emergency services cannot exceed the cost-sharing requirement imposed with respect to a patient, beneficiary or enrollee if the services were provided in network.” 45 C.F.R. 147.138.)  The California Attorney General that waiver of copayments for out-of-network insurance companies was appropriate.  (Dentists routine waiver of co-pay appropriate. 64 Ops. Cal. Atty. Gen. 782 (1981).) Discounts to encourage patient referrals is not impermissible. (People v. Duz-Mor Diagnostic Laboratory, Inc. (1998) 68 Cal. App. 4th 654.)  Likewise, it is legal for physicians to refer to surgery centers where they have a financial interest. (California Business Code section 650(d).)

Providers who routinely bill to out-of-network providers should monitor these cases closely. The Courts will be making ground-making decisions in this area in coming months.

By Matt Kinley, Esq, LL.M.  Mr. Kinley represents health care clients in Southern California.

Los Angeles Medical Association: Navigating the Hornet’s Nest of Reimbursement

Matt Kinley Speaks to Los Angeles County Medical Association on March 23, 2016.  Contact Mr. Kinley at mkinley@tldlaw.com if your interested in attending.

photo

HHS TO CREATE NEW CYBERSECURITY REGULATIONS FOR HEALTH CARE

CONGRESS DIRECTS ACTION IN HEALTHCARE CYBERSECURITY

In December of 2015 Congress passed a 2000-page spending bill which was enacted into law. Included in the text was the Cybersecurity Information Sharing Act of 2015 (CISA). While that legislation received most of the headlines, the spending bill also implemented some major developments in the field of privacy for the healthcare industry. Section 405 of Title IV directs the Department of Health and Human Services (HHS) to develop best practices for organizations in the healthcare industry.

The legislation mandates HHS to report to Congress regarding the preparedness of the health care industry in responding to cybersecurity threats. This includes identifying the HHS official responsible for coordinating threat efforts and including plans on how HHS divisions communicate with one another regarding threats. Congress also mandated a one-year task force to plan a threat reporting system in real time, and to prepare a cybersecurity preparedness information for dissemination in the healthcare industry. Most notably, HHS has been directed to collaborate with other governmental entities and experts to establish a best practices standards specific to healthcare cybersecurity. The intent is to create an industry standard and cost-effective method to reduce cybersecurity risks for healthcare organizations.

Inclusion of Section 405 of the Cybersecurity Act of 2015 reinforces the federal government’s well-established priority of protecting personal health information. Protection is necessary because of the high value of personal health information on the black market. According to the The Insurance Journal, a complete health record containing a patient’s entire health profile can fetch as much as $500. The value is based on the ability of lawbreakers to fraudulently bill insurers for medical services. Compared to industries like the credit card payment industry—which has implemented its own cybersecurity standards—the healthcare industry is woefully behind in its efforts to protect valuable private information.

Healthcare facilities, both public and private, should stay ahead of HHS and develop their own internal policies, security measures, and best practices to protect confidential information of their patients. While guidance form HHS in the future will help establish industry standard best practices, healthcare providers should evaluate their cybersecurity needs and work with experts—attorneys, technologists, and governmental agencies—to stay ahead of the curve. Undoubtedly the attention given to healthcare cybersecurity in the next years will increase the scrutiny on healthcare providers who fail to meet industry standards.

By Matt Kinley,Esq., LLM, CHC

562.715.5557