It’s Monday morning, time for what Ed Silverman calls a “ritual cup of stimulation,” and time for our Monday Morning Recap, the post where we call out recent drug and device law and policy developments that caught our eye and made us think…
1. At USA Today, Peter Eisler and Christopher Schnaars report that “[t]wo years after contaminated drugs linked to a compounding pharmacy in Massachusetts killed 64 and sickened more than 750 with fungal meningitis, the industry still struggles with serious safety problems affecting thousands of patients … A regulatory crackdown by the U.S. Food and Drug Administration since the outbreak in October 2012 has led to an unprecedented spate of drug recalls by compounding pharmacies — and scores of citations for bad practices.“
2. At the Food and Drug Administration’s FDAVoice blog, Jean Hu-Primmer discusses a new joint effort between FDA, the Biomedical Advanced Research and Development Authority (BARDA), and the United States Critical Illness and Injury Trials Group (USCIITG) “to gather important information about medical countermeasures used during public health emergencies.” Among other things, the project will work to “address challenges with collecting and sharing data rapidly in emergencies, including streamlining electronic case reporting for clinical trials and rapidly disseminating key findings to FDA and other stakeholders to support clinical decision-making. … USCIITG will also develop and pre-position a simple influenza treatment protocol in 10 hospitals throughout the U.S. during the 2015-2016 influenza season. The project will help doctors more easily use an investigational treatment protocol for patients with severe influenza, and test the data collection and reporting system during peak times. The goal is to help streamline the process during future influenza seasons and emergencies.”
3. At Bloomberg BNA’s Health Care blog, Alex Ruoff reports that “[n]early 60 health information technology groups and various industry associations are circulating a letter among member of Congress asking for legislation that clarifies the Food and Drug Administration’s authority to regulate health IT products. The letter was also sent to Health and Human Services Secretary Sylvia Mathews Burwell and called on lawmakers to pass legislation reflecting health IT oversight recommendations made earlier this year by three federal agencies, including the FDA and the Office of the National Coordinator for Health IT. The proposed legislation would ‘provide much needed statutory clarity and a stable foundation for continued innovation in health IT’ by establishing parameters, defined by the framework, for the FDA to oversee health IT products, the letter said.”
4. And at Bloomberg BNA’s Life Sciences Law & Industry Report, Nicole Ostrow summarizes the results of an analysis in the Annals of Internal Medicine that found that “[researchers] with financial ties to flu drug companies more often reported positive findings in their studies of the treatments… Christine Laine, editor in chief of the Annals and a senior vice president at the American College of Physicians in Philadelphia, said there’s a lot of confusion for doctors because of the conflicting findings among the studies of the flu medicines. Today’s results provide some insight into why the literature on this topic has been ‘inconsistent.’“
5. Finally, I can’t recommend it yet, because I it hasn’t climbed to the top of the pile yet, but I am looking forward to reading this month’s Health Affairs, on Specialty Pharmaceutical Spending & Policy, cover to cover. (I did sneak a peak at the Narrative Matters piece, by Leana Wen, in which “[a] doctor who stutters confronts the stigma against patients—and providers—with disabilities.” It’s off the topic of drug and device law and policy, but of general interest and very thought-provoking.)
Filed under: Health Law, Information Technology
In collaboration with the Bergen County Prosecutor’s Office; 6 NJ/NY CLE credits. Click here for more information or to register.
Helen Oscislawski, Privacy Risk Assessments and Privacy Challenges
Helen Oscislawski is the founder of Oscislawski, LLC in Princeton. She provides legal guidance on HIPAA, HITECH, state privacy laws, electronic health information exchanges and health information technology to HIEs, RHIOs and ACOs, and counsels other healthcare clients in various matters.
Ms. Oscislawski was appointed by Governor Jon Corzine in 2008 to the New Jersey Health Information Technology Commission (NJHITC) and was reappointed to the NJHITC by Governor Chris Christie in 2010 where she also served as Chair of the Privacy and Security Committee for NJHIT Coordinator. She is the primary author of Update to Privacy and Security Compliance Manual, which was developed for the New Jersey Hospital Association and, most recently, she has developed and authored several editions of the HIPAA-HITECH Helpbook, a manual that combines tools and sample forms that address HITECH changes, state law and other considerations and Meaningful Use and Health Information Exchanges.
Before founding Oscislawski, LLC, Ms. Oscislawski was a healthcare attorney at Fox Rothchild in Princeton, New Jersey, where she counseled healthcare clients on a wide range of legal matters. She received her BA from Rutgers University, Douglass College and her JD from Rutgers School of Law.
Frank Pasquale, Professor of Law, Seton Hall Law School, The Past, Present and Future of Health Privacy
Professor Frank Pasquale is the Schering-Plough Professor in Health Care Regulation and Enforcement at Seton Hall Law School. Professor Pasquale has taught information and health law at Seton Hall since 2004. He has published over 20 scholarly articles. His research agenda focuses on challenges posed to information law by rapidly changing technology, particularly in the health care, internet, and finance industries.
Professor Pasquale is an Affiliate Fellow of Yale Law School’s Information Society Project. He has been named to the Advisory Board of the Electronic Privacy Information Center. He has served on the executive board of the Health Law Section of the American Association of Law Schools (AALS), and has served as chair of the AALS Section on Privacy and Defamation.
Professor Pasquale received his BA from Harvard University (summa cum laude), his M.Phil. from Oxford University, and his JD from Yale Law School.
Jaime S. Pego, Director, Healthcare Advisory Services, KPMG LLP, (along with Joy Pritts, Mark Swearingen, and Frank Pasquale, Moderator) Panel Discussion: The Practical Steps Necessary to Promote Privacy and Cybersecurity in Modern Healthcare Organizations
Jaime S. Pego is a Director in the Short Hills, New Jersey, office of KPMG LLP’s Healthcare Advisory Services Practice and serves as the firm’s National HIPAA Privacy Director. She has substantial experience in healthcare regulatory compliance and healthcare-related advisory services.
Ms. Pego works with a variety of healthcare clients to assist with identifying and preventing compliance risks and complying with federal and state regulations. Her work for KPMG includes serving as lead director for OCR HIPAA audits, as well as acting as Privacy Lead for the KPMG HIPAA national service line assisting covered entities and business associates with HIPAA compliance. She has conducted internal investigations concerning a variety of topics, including fraud and abuse, HIPAA violations, as well as other legal and regulatory matters, and researched and developed compliance policies for institutions in the areas of gifting under the Anti-Kickback Statute and Stark Law, the DRA, HIPAA, EMTALA and others. She participates in the KMPG National HIPAA working group to develop tools and methodologies for client needs, and conducts and manages ICD-10 Impact Assessment at a variety of healthcare organizations to help identify gaps in ICD-10 readiness. She has also served as the firm’s lead manager for health care reform legislative analysis and research.
Prior to coming to KPMG, Ms. Pego was a Local Compliance Officer at a teaching hospital and outpatient center for one of New Jersey’s largest health care systems and has worked with some of the country’s leading health systems. She received her BA from American University and her JD from Seton Hall University School of Law, with a Concentration in Health Law, and is Certified in Healthcare Compliance (CHC) by the Health Care Compliance Association (HCCA).
Joy Pritts, Chief Privacy Officer, ONC, HHS, Meaningful Use Regulations: What Providers Need To Know To Comply
Joy Pritts joined the Office of the National Coordinator for Health Information Technology (ONC), Department of Health & Human Services in February 2010 as its first Chief Privacy Officer. Ms. Pritts provides critical advice to the Secretary and the National Coordinator in developing and implementing ONC’s privacy and security programs under HITECH. She works closely with the Office for Civil Rights and other operating divisions of HHS, as well as with other government agencies to help ensure a coordinated approach to key privacy and security issues.
Prior to joining ONC, Ms. Pritts held a joint appointment as a Senior Scholar with the O’Neill Institute for National and Global Health Law and as a Research Associate Professor with the Health Policy Institute, Georgetown University. She has an extensive background in confidentiality laws including the HIPAA Privacy Rule, federal alcohol and substance abuse treatment confidentiality laws, the Common Rule governing federally funded research, and state health information privacy laws.
Ms. Pritts received her BA from Oberlin College and her JD from Case Western Reserve University.
Anna Spencer, Esq., Sidley Austin, LLP, Data Breaches/Data Breach Notification Requirements and the Need for Encryption
Anna Spencer is a partner in Sidley Austin’s Washington, D.C. office whose practice focuses on health care. Ms. Spencer primarily works on matters involving the privacy and security of health information and she is the firm’s global coordinator for health information privacy. She regularly counsels a broad range of clients on healthcare information privacy and security issues. This includes assisting clients with respect to HIPAA and HITECH and has significant experience in investigating and responding to data breaches and information security incidents. She has represented clients in connection with data breach reporting obligations under the HITECH regulations for breaches of protected health information and defended health care providers in investigations initiated by the Office of Civil Rights, Department of Health and Human Services.
On behalf of covered entities and entities that qualify as HIPAA business associates, Ms. Spencer has developed multiple HIPAA privacy and security compliance and training programs. She has negotiated hundreds of Business Associate Agreements on behalf of various clients.
Ms. Spencer has spoken on privacy/security matters on behalf of numerous groups such as BNA and the American Conference Institute. She has authored a variety of articles on privacy/security issues, Medicare coverage, and fraud and abuse. She is currently authoring a book for BNA on health information privacy. Ms. Spencer received her BA from Sewanee and her JD from Vanderbilt University School of Law.
Mark Swearingen, Esq., Hall, Render, Killian, Heath & Lyman, PC, HIPAA and HITECH Trends (Enforcement and Otherwise)
Mark Swearingen coordinates the HIPAA practice and provides counsel on health information privacy and security matters such as breach response and notification and the creation, use, disclosure, retention and destruction of medical records and other health information at the Indianapolis law firm, Hall, Render, Killian, Heath & Lyman, P.C. His counsel to clients also includes a variety of health care topics related to regulatory compliance, physician and clinical services contracting, risk management and Independent Review Organization services. He has provided such services to a broad spectrum of health system, hospital, physician practice, diagnostic imaging center, ambulatory surgical center and long-term care facility clients.
Mr. Swearingen has spoken and written nationally and regionally on numerous topics, including antitrust, electronic medical records and health information privacy and confidentiality. He is an adjunct professor of a course in Law and Medicine at the Indiana University School of Informatics at IUPUI.
Mr. Swearingen received his BA from Indiana University and his JD from Seton Hall Law School.
Seton Hall Professor and Health Care Regulation Expert Frank Pasquale to Present Draft White Paper Outlining Options and then Moderate a Discussion on its Pros and Cons with Fellow Academics
Washington, D.C. – Seton Hall University School of Law hosted an academic roundtable discussion on how our current healthcare law will respond to the new technology environment – in particular, maintaining privacy for consumers as the health industry expands adoption of cloud computing, on Friday, March 22, 2013. Seton Hall Professor Frank Pasquale moderated the event, “The Future of HIPAA and The Cloud,” and also released a white paper he coauthored with Tara Adams Ragone on the challenges that cloud computing technologies pose to the Health Insurance Portability and Accountability Act (HIPAA).
As the recent HIPAA Omnibus Rule showed, regulation must both reflect and shape technological advances. As stakeholders face new challenges and opportunities, the roundtable asked: What is the future of HIPAA in the cloud? How will patient data be used? What is the role for third party vendors? And who should be held responsible for security breaches in the cloud?
White paper abstract:
This white paper examines how cloud computing generates new privacy challenges for both healthcare providers and patients, and how American health privacy laws may be interpreted or amended to address these challenges. Given the current implementation of Meaningful Use rules for health information technology and the Omnibus HIPAA Rule in health care generally, the stage is now set for a distinctive law of “health information” to emerge. HIPAA has come of age of late, with more aggressive enforcement efforts targeting wayward healthcare entities. Nevertheless, more needs to be done to assure that health privacy and all the values it is meant to protect are actually vindicated in an era of ever faster and more pervasive data transfer and analysis.
After describing how cloud computing is now used in healthcare, this white paper examines nascent and emerging cloud applications. Current regulation addresses many of these scenarios, but also leaves some important decision points ahead. Business associate agreements between cloud service providers and covered entities will need to address new risks. To meaningfully consent to new uses of protected health information, patients will need access to more sophisticated and granular methods of monitoring data collection, analysis, and use. Policymakers should be concerned not only about medical records, but also about medical reputations used to deny opportunities. In order to implement these and other recommendations, more funding for technical assistance for health privacy regulators is essential.
As health providers and patients use more technology, new ways of addressing health care disparities are emerging. In 2009 Congress passed important federal legislation that addresses the digital infrastructure for medical care, the Health Information Technology for Economic and Clinical Health Act (HITECH). Recently in 2010, Congress passed the Patient Protection and Affordable Care Act (PPACA), which reduced barriers to health information technology (HIT). In line with the technological spirit of both laws, this blog post focuses on online social networking as a digital health care solution for elderly Hispanics who face disparities in the care that they receive.
Hispanics in the United States are twice as likely as non-Hispanics to lack a regular primary care physician (PCP). Those Hispanics that do not have a PCP suffer because they tend to experience disparities in health care when compared to other patient populations. Real-time health care-focused social networking sites (SNSs) or applications within an established SNS can provide beneficial health care solutions for vulnerable patient populations such as elderly Hispanics. One-way in which a SNS can benefit elderly Hispanics and reduce their health care disparities is by supporting the Patient-Centered Medical Home (PCMH) with digital applications. In fact, if real-time social networking transpired among 1) patients, 2) patients and their health care providers, and 3) between health care providers, elderly Hispanics could potentially receive better care.
As the role of HIT increases, it has led to a growing interest in understanding the potential role of HIT in “addressing healthcare disparities among racial and ethnic minority populations.” In order to properly evaluate the potential of HIT to address health care disparities, “adoption and utilization barriers must be understood.” Because this blog post is concerned with social networking sites, the discussion here will focus on social media and its emergence as “a potent resource among healthcare consumers.” Some studies have shown that “social media utilization patterns by race suggest potential opportunities to help address healthcare disparities via” increased communication between patients and physicians.
Social media has begun to infiltrate the health care system in several ways. First, entrepreneurs who understand “health care trends and consumer demands are leading creative business startups that are developing health-oriented social networks, health content aggregators, medical and wellness applications, and tools to enable health-related vertical searches (searches focused on a specific content area).” There are a growing number of condition-specific communities such as patientslikeme, QuitNet, and CureTogether.
Although there are many benefits to HIT, there are also barriers that prevent physicians from adopting HIT. One major benefit stemming from HIT is that it can lead to positive communication in “which providers share thoughts, opinions, and information by speech, in writing, or through peer professional or social networks [which have] been shown to be associated with provider health IT adoption.” One major issue is the inability of electronic health records (EHRs) and HIT systems to communicate with each other, the impact of HIT on clinical workflows, and the absence of technical assistance for office staff and physicians. Additional barriers from the patient perspective will exist if a patient does not perceive a benefit to be gained from using technology; in fact, without a perceived benefit they are highly unlikely to use it. There is also the perception that patients might be too busy to incorporate HIT into their busy everyday lives. Also there may be “poor computer knowledge, literacy, and skills ” prevalent among target populations which could benefit from HIT. Additionally, “lack of cultural relevance as well as privacy and trust concerns all have been reported as barriers to the use of [consumer health informatics] tools and applications.” In framing technological health care solutions for a minority population such as Hispanics, it is important to consider cultural issues in any implementation because cultural issues could deter use by a given patient population.
There are several proposed ways in which HIT can reduce health care disparities. For example, if clear and accurate patient information were to be presented to a physician in an electronic setting it could lead to the promotion of high-quality personalized care and reducing select health care disparities. Additionally, EHRs could provide the physicians that serve elderly Hispanics more accurate information and help them make better treatment decisions. The largest benefit would be the ability to connect “physicians with other [physicians or patients]…[and also] tools such as e-mail, e-consultation, e-prescribing, [which could] enable providers to connect with other healthcare professionals” in a more fluid manner.
It is important that the above mentioned benefits are implemented in communities where there are underserved Hispanics or other vulnerable patient populations. It is urgent that those with the highest health care disparities benefit from such technologies because historically their needs have not been met. Scholars have already noted that “telemedicine, remote monitors and sensors, patient e-mail, and increasingly the Internet and social media, connect providers and healthcare systems to patients and caregivers.” The idea is that greater communication can reduce health care disparities. When dealing with a historically vulnerable patient population such as elderly Hispanics who face various types of social issues, I believe that easier access to their health providers can make a big difference in improving their health care outcomes.
An HIT tool that connects providers with patients could reduce health care disparities by “enabling increased monitoring of important clinical parameters” in a way that is not currently taken advantage of for minority patients. Increased communication will allow physicians to stay in contact and monitor their sickliest patients through enhanced doctor-patient communication. As technology and health care merge, it is vital that vulnerable patient populations, such as elderly Hispanics, are identified so that they can be included in the technological healthcare solutions being proposed.
Felipe De Los Santos is in his last year at Seton Hall University, School of Law. Felipe is set to graduate from Seton Hall in May 2013 with a Health Law Concentration. He graduated from Connecticut College in 2007 with a B.A. in English and Economics. From 2007-2009, he worked in finance as a Consultant for ALaS consulting between New York and Delaware. During his first year of law school Felipe interned with the New York State Majority Leader (2009-10).
Presently Felipe works as a Project Manager for a New York State health care company in the Community Based Programs division. Felipe manages and develops projects that focus on chronically ill elderly patients in New York City. As part of his responsibilities Felipe develops marketing strategies and action plans to support targeted patient populations who can benefit from managed long-term care. Currently, Felipe is involved in launching a Medicare/Medicaid Advantage Plan. Felipe’s work with vulnerable patient populations and interests in technology, have made the crossroad of technology and healthcare an interest that he has written about in law school. Felipe’s health reform interests include improving health care access and outcomes for vulnerable patient populations.
Felipe may be reached at email@example.com
I have hinted at problems with uniform trade secrecy laws in this volume and a law review article. I plan to continue that line of research in a co-authored work with Dave Levine, exploring the costs of trade secrecy in the finance, energy, and communications sectors. When it comes to “solutions,” I’m increasingly inclined to frame the issue as: how do we operationalize the insights of Michael Carroll’s “Uniformity Costs” concept? In other words, how do we shape doctrine so that it respects the unique economic conditions (and moral imperatives) related to specific industries?
One way to do so is to insist on the autonomy of a subject matter defined legal field (versus the trans-substantive aspirations of, say, contract, property, or intellectual property law). The “law of the horse crowd” usually assails that autonomy by warning about the distortionary affects of applying different laws to different sectors. Health law professors shared that worry for a while, debating whether health care law is a “coherent field.” But that anxiety seems to have faded as a distinct arena of health care economics develops and lawyers set to work implementing the massive HITECH and PPACA legislation passed in 2009 and 2010. The stage is now set for a distinctive law of “health information” to emerge, as third party payers and government use their leverage in the sector to tamp down counterproductive IP- and contract-based corporate strategies.
The law of health information is neither more “open” nor more “closed” than information law generally. Free access should be dictated in areas of extreme personal or societal need; in other cases, it may be right to force high payments, either ex ante via taxes, or ex post via high prices, from those with the ability to pay. Privacy should play a far more important role here than it does in the usual Wild West of internet data collection and processing. But once data is truly anonymized, the research imperative for access is perhaps more pressing than in any other area of law (except, perhaps, national security.).
For a recent controversy where laws of copyright seem inappropriate in a medical setting, check out this story:
According to the New England Journal of Medicine, after thirty years of silence, authors of a standard clinical psychiatric bedside test have issued take down orders of new medical research. Doctors who use copies of the bedside test which will have been printed in some of their oldest medical textbooks are liable to be sued for up to $150,000. . . . [E]ven the ghosts of positively ancient abandoned copyrights for the very simplest of ideas can be used to block new medical work through legal bullying.
The “thirty years” of silence part makes me want to look into a laches claim. The simplicity of the test also seems to invite a merger defense. On the other hand, perhaps the best answer is compulsory licensing, which should have gotten more attention during the SOPA/PIPA flap. Whatever solution is optimal, the implication of the NEJM piece is clear: health professionals believe their field deserves some autonomy from the normal laws of intellectual property. Popular reaction against secret prices of medical devices and hospital procedures also reflects that view.
In many areas, such rebellions against pricing the priceless have translated into general skepticism about intellectual property. In health care, they may lead to something different: a health information law distinct from the IP and privacy laws of general application.
An eminence grise of cyberlaw once told me that he got into the field in the 1980s because it was one of the few areas where things were “up for grabs” enough that a creative scholar could still have an influence. An elder statesman of the IP field told me that it had gone into “normal science” mode as of 2004 or so. Perhaps those who still want “paradigm shifts” need to work heavily regulated fields like health information law, where government policymakers are more regulators for (rather than instruments of) vendors and providers.