Category: Health Care Law

Important Guidance for IRS Tax Filers

Due to the situation created by the coronavirus, we’ve been fielding questions from clients, co-workers and accountants about potential changes in the tax filing and tax payment deadlines, as well as other IRS administrative issues such as examinations, collection actions and payment plans.

Because the president declared a national emergency, the IRS has broad powers under statute to extend certain deadlines. The IRS also has broad administrative authority. As of the date and time of this email, there has been no official guidance issued on extending the April 15 deadline for the filing of income tax returns. However, statements made on March 17, 2020 by Secretary of Treasury Mnuchin suggest that the government will allow a 90-day deferral of tax payments to the IRS.

Under this program, individuals can defer up to $1 million of tax payments, and corporations can defer up to $10 million, with no penalties and interest for 90 days. This program does appear to require the filing of a tax return first in order to obtain the deferral. Many questions on this program remain, and Varnum’s tax team will provide updates as they evolve.

Out of an abundance of caution, individuals may want to file an extension (Form 4868) prior to the filing deadline. This is NOT an extension in time to pay. As such, the first quarter tax estimates are due April 15 as is any shortfall in the expected 2019 tax liability. Please note, with respect to the payment deferral program, the secretary has not clarified whether the extension form or the estimated tax payment voucher falls under the definition of “return” for the payment deferral program. Finally, there are some safe harbors for estimated tax payments that may apply. Check the IRS website or talk to a tax advisor.

Tax preparers should check with the IRS employee assigned to any matter for the case status, including document requests, etc. If your client is honoring an IRS levy on an employee at this time, those obligations are still in force unless notified otherwise by the IRS. Some deadlines such as filing a Tax Court Petition for relief are statutory in nature and still valid.

© 2020 Varnum LLP

More on tax laws or the coronavirus outbreak on the National Law Review.

Families First Coronavirus Response Act: Paid Leave now Required for Absences Related to the Coronavirus (COVID-19)

Early Saturday, March 14, 2020 the House of Representatives passed the Families First Coronavirus Response Act (the “Act”). The Senate is set to take this matter up on Monday, March 16, 2020 and President Trump stated that he will immediately sign the legislation. The Act has many facets to it including new temporary employer obligations relative to paid leaves of absence related to the Coronavirus (COVID-19) and expands employer obligations under the Federal Family and Medical Leave Law. Employers have time to prepare as the law will be effective 15 days after enactment (potentially as soon as March 31, 2020, if signed Monday). While there is much remaining to be analyzed under this new law, the following provides an initial overview so employers can begin preparations for compliance and education of the workforce.

Expansion of FMLA rights

First, the Act expands the pool of employees that qualify for federal FMLA leave. The Act will require employers with fewer than 500 employees1 (and all government employers) to provide employees who have been employed for at least 30 days with FMLA leave for Coronavirus reasons if:

  1. The employee is absent from work due to the employee’s physical presence jeopardizing the health of others due to exposure to the Coronavirus or due to the employee exhibiting symptoms of the virus;
  2. The employee will care for a family member who a health care provider or a public health authority determines has been exposed to the Coronavirus or who exhibits symptoms of the virus; or
  3. The employee is needed to care for a son or daughter under 18 because a school or a place of care (daycare) has been closed or the child care provider is not available.

The definition of “family” in the application of the above requirements is expanded to include family members who are senior citizens, grandparents, grandchildren, next of kin of the employee or is a son or daughter with special needs. The definition of “spouse” also includes domestic partners, as defined under the law.

The rights and remedies available to an employee under the federal FMLA remain the same. Therefore, we recommend that employers review existing procedures and forms utilized to determine FMLA eligibility and update those materials to recognize the Act’s broadened scope.2

Enhanced Right to Paid Time Off

The Act also mandates that employers provide “Emergency Paid Sick Leave.” This benefit is available to employees to:

  1. Self-isolate because of a Coronavirus diagnosis;
  2. Obtain medical diagnosis or care if the employee is experiencing the symptoms of the Coronavirus;
  3. Comply with an order of a public official or Health Care Provider that physical presence at work would jeopardize the health of others due to the employee’s exposure to the Coronavirus or because the employee is exhibiting symptoms of the illness;
  4. Care for a family member of the employee due to the family member’s self-quarantining based upon exposure to the virus or because the family member is exhibiting symptoms and requires medical diagnosis or care; or
  5. Care for a child of the employee if a school or place of care has been closed or the care provider for the child is unavailable.

If an employee meets one or more of these qualifications, the Act provides that the employee is entitled to Emergency Paid Sick Leave. Specifically, full-time employees will have 80 hours of sick leave available to them and part-time employees will have their average hours of work over a 2-week period available as Paid Sick Leave. If the employee has variable hours of work each week, the employee’s average hours of work over the preceding 6 months will be used to determine the employee’s average hours per week. The sick leave benefit will be paid at the employee’s regular rate of pay for any absence due to the employee’s own treatment or quarantine. The sick leave benefit will be paid at two-thirds of the employee’s regular rate of pay for any absence to care for a family member or to provide child care due to school or daycare closure.

If an employee needs leave beyond the 2-weeks for Emergency Paid Sick Leave and continues to meet the requirements associated with the Act’s mandate for paid leave under the FMLA, the employee will be paid not less than two-thirds of the employee’s regular rate of pay (or minimum wage, if greater) for the regular hours of work missed, to the extent of the employee’s already-existing available FMLA leave. The changes to the FMLA under the Act will expire on December 31, 2020.

Finally, for employee absences associated with non-FMLA qualifying reasons (e.g., an employer’s decision to send an employee home because the employee is exhibiting flu-like symptoms), the employee may be eligible for Unemployment Insurance benefits beginning in the first week of absence. This provision will expire on December 31, 2020.

It is important to understand that the Act entitlement represents the “floor” of entitlement. In other words, employers will not enjoy a reduced obligation to provide Paid Sick Leave if it already offers Paid Sick Leave to employees. The Paid Sick Leave under the Act is in addition to what the employee may already be entitled to in employment. However, there will not be any carryover right for unused Sick Leave granted under the Act.

Again, it is important that employers revisit their protocol for determining eligibility for paid sick leave and prepare to implement the new mandate. Likewise, employers providing Paid Sick Leave and absence benefits should carefully log the wages paid related to compliance. As of now, the Act anticipates a tax credit available for sick leave wages paid to employees, subject to caps established under the law.

1 Exemptions for small employers (fewer than 50 employees) and certain emergency and healthcare workers continue to be discussed.
2 The DOL will be issuing a Notice related to the new requirements that must be posted along with other employment related Notices to employees.

©2020 von Briesen & Roper, s.c
For more on the developing Coronavirus situation, see the National Law Review dedicated Coronavirus News page.

U.S. Health & Human Services – Office of Civil Rights Issued Guidance Regarding HIPAA Privacy and Novel Coronavirus

The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now with the Novel Coronavirus (2019-nCoV) outbreak.

The OCR guidance focused on sharing patient information in several areas, including: treatment, public health activities, disclosures to family, friends, and others involved in an individual’s care, and disclosures to prevent a serious and imminent threat.

The HIPAA Privacy Rule allows a covered entity to disclose PHI to the Center for Disease Control (CDC) or to state or local health departments that are authorized to collect or receive such information, for the purpose of preventing disease and protecting public health.  This would include disclosure to the CDC, and/or state or local health departments, of PHI as needed to report prospective cases of patients exposed to or suspected or confirmed to have Novel Coronavirus.

The OCR message in the guidance document is clear and it emphasized the balance between protecting the privacy of patient PHI and the appropriate uses and disclosures of such information to protect the public health. For more information and resources, see the HHS interactive decision tool which provides assistance to covered entities to determine how the Privacy Rule applies to disclosures of PHI in emergency situations.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.

For more on HIPAA regulation, see the National Law Review Health Law & Managed Care section.

Coronavirus – Further Updates on Travel Impact

As the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) continue to monitor the current and potential impact of the coronavirus (COVID-19) in the United States and worldwide, the CDC and the Department of State (DOS) have updated their travel guidance by issuing warnings about new countries and raising the threat levels of previously named countries. Further, President Trump has issued a proclamation that temporarily suspends entry to the United States for foreign nationals who have been physically present in Iran within the last 14 days. We outline below the current travel advisories and will continue to provide updates as new information becomes available.

Iran:

The CDC issued a Travel Advisory alert on Iran at the Warning—Level 3 category, recommending that travelers avoid all nonessential travel.

On February 29, 2020, through a Presidential Proclamation, the U.S. government announced that effective today, March 2, 2020, at 5:00 p.m. eastern time, that it was suspending entry of foreign nationals, both immigrants and nonimmigrants, who were physically present in Iran within the last 14 days preceding their entry into the United States.

Italy:

The CDC issued a Travel Advisory alert on Italy at the Warning—Level 3 category, recommending that travelers avoid all nonessential travel. DOS maintains a Level 3 Advisory for Italy as well.

The most affected regions are Lombardy and Veneto (North Italy, Milan consular district). On February 23, 2020, the U.S. Embassy in Rome issued a Health Alert, stating that the U.S. Consulate General in Milan has suspended routine visa services until March 2, 2020. Given the continued health concerns, we expect an updated advisory shortly. However, at this time, full consular services are available at the U.S. Embassy in Rome and the U.S. Consulates General in Florence and Naples.

China:

The CDC has raised the Travel Advisory level for China to a Warning—Level 3 category, recommending that travelers avoid all nonessential travel. DOS has raised the Travel Advisory to Level 4 advising that individuals not travel to China, and to be prepared for the possibility of travel restrictions with little to no advanced notice.

The previous warnings related to China under the Presidential Proclamation, effective February 2, 2020, remain in effect. Foreign nationals who have visited China in the last 14 days may not enter the United States, and American citizens and lawful permanent residents who have been to China in the past 14 days will undergo health screenings at a prescribed list of airports. Depending on their history, individuals may receive additional travel prescriptions.

South Korea:

The CDC has raised the Travel Advisory level for South Korea to a Warning—Level 3 category, recommending that travelers avoid all nonessential travel. DOS maintains a Level 3 Advisory for South Korea as well.

Japan:

The CDC added Japan to the Travel Advisory alerts at Alert—Level 2. The CDC recommends that high-risk travelers practice enhanced precautions. As of February 21, 2020, the U.S. Embassy in Tokyo continues to provide all consular services.

Hong Kong:

The CDC has maintained a Travel Advisory level of Watch—Level 1 (Practice Usual Precautions) for Hong Kong. DOS increased the Hong Kong Travel Advisory to Level 2 (Exercise Increased Caution). Further, the U.S. Consulates in Hong Kong and Macau recommend that anyone with a pending consular appointment who resides in China, has traveled to China recently, or intends to travel to China prior to their planned trip to the United States, postpone their visa interview appointment until 14 days subsequent to their departure from China.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

ARTICLE BY Danielle A. Porter of Mintz.
For more on coronavirus developments see the National Law Review Health Law & Managed Care section.

Coronavirus: Employers Should Plan, Not Panic

Coronavirus, whose formal name is COVID-19, has been the subject of much media attention since the first outbreak in Wuhan, China, late last year.  Just like recent outbreaks of the swine flu, the avian flu, SARS and the West Nile virus, each new “bug” creates fear surrounding a previously unknown threat.  While there are tens of thousands of cases in China, as of February 19, 2020, according to the U.S. Centers for Disease Control and Prevention (CDC), there were 15 confirmed cases of coronavirus in the U.S.  The confirmed cases were limited to seven states located on the perimeter of the country.

According to the CDC, coronaviruses are a large family of viruses that are common in many different species of animals, including camels, cattle, cats and bats. Rarely, animal coronaviruses can infect and then spread between people.

To put the current coronavirus outbreak in context, the CDC estimates there have been between 26 MILLION and 36 MILLION cases of flu in the U.S. this season and an estimated 15,000 to 36,000 deaths.  In fact, this year’s flu season is the worst in almost 20 years.  While the majority of these deaths and hospitalizations have occurred in people over age 65, this year’s flu has impacted children and younger adults in greater numbers than usual.

While no one knows for sure the extent to which the coronavirus will take hold in the U.S., employers should take steps now to plan ahead so that they will be able to maintain normal business operations.  The challenges for any business facing coronavirus or any other disease outbreak involve a multitude of conflicting legal obligations.  Under the Occupational Safety and Health Act (OSHA) and similar state laws, employers have a general duty and obligation to provide a safe and healthy work environment, even when the work occurs outside the employer’s physical premises. Furthermore, under these health and safety laws, employers must not place their employees in situations that are likely to cause serious physical harm or death.

Conversely, overreacting by implementing broad-based bans and making business decisions about employees that are not based on statistical realities could get an employer sued under laws that prohibit discrimination based upon disability (perceived or real) and national origin discrimination, among others.

Properly planning for and implementing plans to deal with the coronavirus is legally and operationally complex.  Listing all of the considerations for such plans are too numerous for this brief blog article. By way of example, employers who have operations in Hubei Province in China, the epicenter of the coronavirus outbreak, will face far more difficult and complex challenges than an employer with a single facility in the middle of the U.S.  However, at a minimum here are some things every business should be doing:

  • If you have not already done so, institute a ban on all business travel to China.  This may be a moot point given the cancellation of most flights into and out of mainland China.  Under the circumstances, it is also totally appropriate to require that any of your employees who choose to travel to China for personal reasons notify a designated company official and let the official know of their plans.

  • If employees must use a company-designated travel agent to arrange business travel, get the agent to provide reports on all international business travel.  But don’t overreact and implement a broad-based travel ban to countries that do not pose a risk of harm.  However, if an employee expresses fear of any international travel, have a rational discussion and review the relevant outbreak statistics to see if those fears are real or inflated.  Even if fears are irrational, consider the negative impact on employee morale by forcing someone to travel.

  • Designate a management official to check the CDC website daily to see the latest tracking of the virus’ spread.  This person should be the in-house resource and should be involved in ban or no-ban decisions.

  • If an employee has been to a real coronavirus “hotspot,” consider making him or her stay home for the full 14-day incubation period.  Whether employees work remotely or do not work, the decision whether they should be paid to stay home during this time is an individualized determination.  However, employers need to be flexible and should consider bending the rules if they want to appear humane and seriously concerned about health issues.  If employers force someone to stay home for two weeks without pay or make them use precious PTO, they may push people to hide where they have been, which will defeat planning to ensure that management is taking all reasonable steps to prevent the spread through the workplace.

  • Do not panic or overreact but rather engage in sound business contingency planning.  Begin by developing contingency plans based upon the industry you are in, the size of your business and how you will operate in the event absenteeism rates greatly exceed those of a normal flu season.

  • Use this opportunity to communicate with your employees about seasonal flu prevention strategies, such as minimizing contact and engaging in sound hygiene and sanitation.  As the statistics above demonstrate, seasonal flu poses a far greater and more immediate threat to your employees’ health than does the coronavirus.

  • Develop a plan for communicating with your employees if a major pandemic breaks out, regardless of where they are located, including the workplace, at home or on the road.
    Regardless of how bad things may get, it is important that management not panic or overreact.  Plan for worst case scenarios now so you can effectively respond to what will likely be a rapidly changing situation. To do this, your management should anticipate and prepare for how you will answer the plethora of questions that will almost certainly be raised.

Proper planning for and dealing with individualized employee situations implicates a whole range of employment laws, such as ADA, GINA, OSHA, Title VII, ERISA, as does the nature of your business.  To deal with these legal issues, you should consult with your attorney.

Finally, there are a variety of web-based resources available to assist you in planning, preparation, and monitoring the spread of the coronavirus on a global basis, including the CDC at www.cdc.gov, OSHA at https://www.osha.gov/SLTC/covid-19/, and the World Health Organization https://www.who.int/emergencies/diseases/novel-coronavirus-2019.

© 2020 Foley & Lardner LLP

For more on the coronavirus see the National Law Review Health Law & Managed Care section.

Law Firms and Bar Associations Must Plan Now for Coronavirus Outbreak

Our sources in Washington are indeed very worried about the coronavirus emerging from China. 

Many of our sources believe that containment will not work.

In the event of a major pandemic, “social distancing” will be enforced.  Schools, restaurants, movie theaters – and even law firms – will be closed, perhaps for an indefinite time, presenting unprecedented challenges.

At the very least, bar associations and law firms should begin thinking about logistics now using “peace time” wisely.

Viruses that originate in an animal and jump to a human can and often do change or mutate, presenting challenges to doctors and researchers. Especially during rapidly developing situations, reporters will likely demand simple and definitive answers, even in situations where simple and definitive answers don’t exist. As well, bloggers with political agendas may accidentally or purposely report fact as fiction and vice versa.

On the internet, anyone can be a “reporter” with the ability to publish immediately and without the safety net of editors, fact-checkers and other traditional media gatekeepers. Consider also the pressure on traditional media of balancing the need to report immediately vs. reporting accurately. Given those factors, the emerging coronavirus provides another fertile field for confusion with consequences.

The Spanish flu killed some 50 million to 100 million people worldwide over about a year in 1918-19 — one of the deadliest pandemics in human history. The 2003 severe acute respiratory syndrome (SARS) outbreak turned out to be less than a pandemic, but caused 774 deaths in 17 countries, according to the World Health Organization (WHO). The 2009 swine flu (H1N1) outbreak featured high rates of human- to-human transmission, yet was thought to have been less lethal than originally feared, with a minimum of 18,449 confirmed deaths. In fact, though, the U.S. Centers for Disease Control (CDC) has since estimated the global death toll at 284,000 — 15 times those confirmed cases.

All of these examples should serve as cautionary tales for how we approach and talk about this latest potential pandemic.

I reached out to Peter Sandman, perhaps the United States’ pre-eminent risk communication speaker and consultant. Here’s what Sandman told me in his email reply:

The key lesson here: The word “pandemic” means an infectious disease has spread to lots of people in lots of places. To be a pandemic, an outbreak has to be widespread and intense. It doesn’t have to be severe; 1918 was, 2009 wasn’t — at least in comparison.

This coronavirus? The experts are pretty sure it’s going to go pandemic. They don’t know yet how severe it will be, though many are guessing it will be closer to 2009 than to 1918. Even a mild pandemic kills a lot of people, simply because a small percentage of a huge number is a lot of people. And a mild pandemic can certainly be disruptive: hospital overcrowding, absenteeism, supply-chain problems, etc.

If it’s mild and stays mild, it won’t be catastrophic.

Whether it’s mild or severe, though, a pandemic eventually makes containment efforts futile, and therefore a waste of effort. Patient isolation, contact tracing and monitoring, quarantines and travel restrictions are the four main containment tools. The first two are conventional. The last two are controversial, not because they’re less effective than the first two but because they have bigger downsides.

None of the four, separately or together, can stop a pandemic. They can slow it a little, which isn’t nothing: It buys time for preparedness (emotional as well as medical and logistical). But as soon as the virus is spreading widely in a place, that place has no further use for containment.

The risk communication lesson now: Stop telling people that containment will “work.” If the coronavirus goes pandemic, as noted immunologist Dr. Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases, and nearly every other expert expects, eventually (and probably pretty soon) it will be spreading widely in the U.S., too, and containment won’t make sense.

One feature of the 2009 flu outbreak was the changing nature of advice. At first, pregnant women were to receive priority for inoculations. Then, it was anyone with a compromised immune system, followed by those over the age of 60. As I recall, during this era before social media exploded and become a main source for news, reporters, columnists and other pundits were quick to criticize the CDC, the World Health Organization and other federal, state and local health officials for the lack of definitive advice and prognostication.

As this is being written, there is no way to tell whether the coronavirus is going to be highly infectious but not lethal or highly infectious with a high degree of lethality. It might even burn itself out — or it may seem to go into hiatus but then come roaring back in the fall (as did the Spanish flu).

Government agencies are already placing visitors from China into quarantine. This may suddenly escalate, with the closure of airports and other ports of entry. Stock markets may dramatically tumble — but then recover just days later. Or they may not. And if things really escalate, offices, schools, malls, theaters and other venues may close — and grocery shelves may empty. In the face of this uncertainty and volatility, prudent bar association and law firm leaders should be using “peace time” to prepare for the worst.

Now is the time to:

  • Examine your sick-leave policies. Family-leave policies, too, should be looked at because many employees may unilaterally decide to hunker down at home, especially if they have small children or elderly relatives to care for.

  • Encourage and utilize good hygiene practices (e.g., hand-washing, coughing into the crook of the elbow instead of the hand).

  • Consider what a travel ban might do to your business.

  • Remind your employees — and yourself — to depend on only the most reliable sources for information about coronavirus. The WHO, the CDC and state and local health boards are reliable. Facebook isn’t — and the advice given by the pundits on cable television must be taken with more than the proverbial grain of salt.

  • Remember to remind all of your stakeholders that situations like this are fluid and the information given out now may be preliminary and subject to change. Even advice from the CDC and WHO can change, depending on the facts at hand.

Employees, customers and other stakeholders will cross-check what you tell them against other sources. If you mislead them, they’ll hold it against you. Be especially careful not to sound over-reassuring or overconfident, which Sandman says are the two most common crisis risk communication mistakes other than outright dishonesty (also common, sadly).

© 2020 Hennes Communications. All rights reserved.

For more on Coronavirus risk mitigation, see the National Law Review Health Law & Managed Care section.

D.C. District Court Limits the HIPAA Privacy Rule Requirement for Covered Entities to Provide Access to Records

On January 23, 2020, the D.C. District Court narrowed an individual’s right to request that HIPAA covered entities furnish the individual’s own protected health information (“PHI”) to a third party at the individuals’ request, and removed the cap on the fee covered entities may charge to transmit that PHI to a third party.

Specifically the Court stated that individuals may only direct PHI in an electronic format to such third parties, and that HIPAA covered entities, and their business associates, are not subject to reasonable, and cost-based fees for PHI directed to third parties.

The HIPAA Privacy Rule grants individuals with rights to access their PHI in a designated record set, and it specifies the data formats and permissible fees that HIPAA covered entities (and their business associates) may charge for such production. See 45 C.F.R. § 164.524. When individuals request copies of their own PHI, the Privacy Rule permits a HIPAA covered entity (or its business associate) to charge a reasonable, cost-based fee, that excludes, for example, search and retrieval costs. See 45 C.F.R. § 164.524(c) (4). But, when an individual requests his or her own PHI to be sent to a third party, both the required format of that data (electronic or otherwise) and the fees that a covered entity may charge for that service have been the subject of additional OCR guidance over the years—guidance that the D.C. District Court has now, in part, vacated.

The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act set a statutory cap on the fee that a covered entity may charge an individual for delivering records in an electronic form. 42 U.S.C. § 17935(e)(3). Then, in the 2013 Omnibus Rule, developed pursuant to Administrative Procedure Act rulemaking, the Department of Health and Human Services, Office for Civil Rights (“HHS OCR”) implemented the HITECH Act statutory fee cap in two ways. First, OCR determined that the fee cap applied regardless of the format of the PHI—electronic or otherwise. Second, OCR stated the fee cap also applied if the individual requested that a third party receive the PHI. 78 Fed. Reg. 5566, 5631 (Jan. 25, 2013). Finally, in its 2016 Guidance document on individual access rights, OCR provided additional information regarding these provisions of the HIPAA Privacy Rule. OCR’s FAQ on this topic is available here.

The D.C. District Court struck down OCR’s 2013 and 2016 implementation of the HITECH Act, in part. Specifically, OCR’s 2013 HIPAA Omnibus Final Rule compelling delivery of protected health information (PHI) to third parties regardless of the records’ format is arbitrary and capricious insofar as it goes beyond the statutory requirements set by Congress. That statute requires only that covered entities, upon an individual’s request, transmit PHI to a third party in electronic form. Additionally, OCR’s broadening of the fee limitation under 45 C.F.R. § 164.524(c)(4) in the 2016 Guidance document titled “Individuals’ Right under HIPAA to Access their Health Information 45 C.F.R. Sec. 164.524” violates the APA, because HHS did not follow the requisite notice and comment procedure.” Ciox Health, LLC v. Azar, et al., No. 18-cv0040 (D.D.C. January 23, 2020).

All other requirements for patient access remain the same, including required time frames for the provision of access to individuals, and to third parties designated by such individuals. It remains to be seen, however, how HHS will move forward after these developments from a litigation perspective and how this decision will affect other HHS priorities, such as interoperability and information blocking.

© Polsinelli PC, Polsinelli LLP in California

For more on HIPAA Regulation, see the National Law Review Health Law & Managed Care section.

Federal Court Strikes Down HIPAA Fee Limitations for Third-Party Medical Records Requests

On Jan. 29, 2020, OCR released a notice regarding a recent federal court ruling in the case of Ciox Health, LLC v. Azar, et al., where a federal judge in the District Court for the District of Columbia vacated the “third-party directive” within the individual right of access “insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information (“PHI”) of an individual … in an electronic format.”Additionally, the court held that the fee limitation set forth at 45 CFR § 164.524(c)(4) should only to an individual’s request for access to their own records, and does not apply to an individual’s request to transmit records to a third party.

The Ciox Health case centered on the restrictions the Department of Health and Human Services (“HHS”) and the Office for Civil Rights (“OCR”) put in place in the 2013 Omnibus Rule 2 and through informal guidance published in 2016 regarding fees that can be charged to patient in searching for, retrieving, and delivering their records and PHI as it pertains to third-party directives. Third-party directives are a mechanism promulgated by the HITECH Act that granted individuals the right to obtain a copy of their PHI maintained electronically, and “if the individual so chooses, to direct the covered entity to transmit such copy directly to an entity or person designed by the individual.”3 Additionally, the HIPAA Privacy Rule permits a reasonable cost-based fee to provide the individual (or the individual’s personal representative) with a copy of the individual’s PHI, or to direct a copy to a designated third party. The fee may include only the cost of certain labor, supplies, and postage (this fee is also referred to as the “Patient Rate”).4

The 2013 Omnibus Rule broadened the third-party directives to PHI maintained in any format, not just electronic records. Moreover, the 2013 Omnibus Rule amended the Patient Rate and required actual labor costs associated with the retrieval of electronic information to be excluded.5

In 2016, HHS issued a guidance document titled Individuals’ Right under HIPAA to Access their Health Information 45 C.F.R. § 164.524 (the “2016 Guidance”).6  The 2016 Guidance made two notable requirements that gave rise to the current litigation. Most significantly, HHS declared that the Patient Rate applies “when an individual directs a covered entity to send the PHI to a third party.”7

“This limitation,” HHS said, referring to the Patient Rate, “applies regardless of whether the individual has requested that the copy of PHI be sent to herself, or has directed that the covered entity send the copy directly to a third party designated by the individual (and it doesn’t matter who the third party is).”8

Additionally, in the 2016 Guidance, HHS provided a methodology to calculate the Patient Rate in requests for an electronic copy of PHI maintained electronically. The methodology would require the entity to determine a fee by calculating the actual allowable costs to fulfill each request or by using a schedule of costs based on the average allowable labor costs to fulfill standard requests. HHS also provided an option for entities to charge a flat rate for requests for electronic copies of PHI not to exceed $6.50 as an alternative to going through the process of calculating these costs.

In this case, HHS was sued by Ciox Health, a medical record retrieval company, over the changes to the Patient Rate set forth in both the 2013 Omnibus Rule and the 2016 Guidance. Ciox Health argued that the $6.50 flat fee is an arbitrary figure that bears no relation to the actual cost of honoring patient requests for copies of their health information, and such a low fee has negatively impacted its business. Ciox Health claims the 2013 Omnibus Rule and the 2016 Guidance, “unlawfully, unreasonably, arbitrarily and capriciously,” restrict the fees that can be charged by providers and their business associates for providing copies of the health information stored on patients.

The district court, in declaring the changes to the Patient Rate set forth in the 2013 Omnibus Rule unlawful, held that HHS cannot rely on its general rulemaking authority to supplement the limited-scope, third-party directive enacted by Congress in the HITECH Act. The court held that the 2013 Omnibus Rule’s expansion of the third-party directive is therefore arbitrary and capricious. Moreover, the district court held that the 2016 Guidance that worked a change into the Patient Rate was akin to a legislative rule that HHS had no authority to adopt without notice and comment. As a result, the court vacated the 2013 Omnibus Rule’s expansion of the HITECH Act’s third-party directive beyond requests for a copy of electronic records with respect to PHI of an individual in an electronic format. The court also declared unlawful and vacated the 2016 Guidance as it extended the Patient Rate to third-party directives without going through notice and comment.

Health care providers and medical records access companies are no longer required to limit the fees charged to their average costs, or charge a $6.50 flat fee, when a patient requests their medical records be transmitted to a third party. The fee limitations will still apply to individuals when they request their own records, however, as decided in the Ciox Health decision, on January 23, 2020.

OCR released a notice on Jan. 29, 2020 that the right of individuals to access their own records and any fee limitations that apply when exercising this right still apply. However, OCR appears to have at least accepted this ruling for now, as it pertains to third-party directives. OCR stated that it will continue to enforce the right of access provisions in 45 CFR § 164.524 that are not restricted by the court order. The court order can be viewed here.

[1] Ciox Health, LLC v. Azar, et al., No. 18-cv-0040 (D.D.C. January 23, 2020)

[2] See Modifications to the HIPAA Privacy, Security,

Enforcement, and Breach Notification Rules Under the [HITECH] Act and the Genetic

Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, 78 Fed. Reg. 5,566

(Jan. 25, 2013).

[3] 42 U.S.C. § 17935(e);

[4] 45 CFR § 164.524(c)(4)

[5] 78 Fed. Reg. at 5,636.

[6] This guidance is available at this link: https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html.

[7] Id. at 16.

[8] Id.

© 2020 Dinsmore & Shohl LLP. All rights reserved.

For more on HIPAA medical-records regulation, see the National Law Review Health Law & Managed Care section.

Coronavirus and the Workplace: What Employers Need To Know

News that multiple cases of the newly-identified 2019 Novel Coronavirus have reached the United States have prompted employers to think about employee safety and ways to address disease prevention in the workplace. Although, according to the Occupational Safety and Health Administration (OSHA), “most American workers are not at significant risk of infection” at this time, the situation is evolving, and it is never too early for employers to consider how they can address employee concerns, help prevent an outbreak, or address one if it occurs. Employers should also be aware of legal pitfalls that they may encounter when attempting to protect their employees from the virus.

The following addresses some of the key questions employers may have regarding the Coronavirus threat.

What is the Coronavirus and How Is It Transmitted?

At this point, relatively little is known about the 2019 Novel Coronavirus, more commonly known as the “Coronavirus.” According to the CDC, the initial reports of the illness originated in Wuhan, China, where people likely contracted the virus from animals at a seafood and animal market. Experts now believe that the virus is spreading from human-to-human when an infected person coughs or sneezes, similar to the spread of a cold or flu. However, it is still too early to know how easily the virus is transmitted between people.

What Are the Primary Symptoms of the Coronavirus?

In the confirmed cases of Coronavirus thus far, affected individuals have reported mild to severe respiratory symptoms, fever, cough, shortness of breath, and breathing difficulties. In severe cases, the virus has led to pneumonia, kidney failure, and, in at least 100 deaths (presently, all in China), as of the time of this writing.  The CDC believes at this time that symptoms may appear within two to fourteen days after exposure.  However, some infected individuals have shown little to no symptoms.

How Can Spread of the Coronavirus Be Prevented?

Because there is presently no Coronavirus vaccine available, the CDC is recommending standard precautions to avoid the spread of respiratory viruses, such as washing hands with soap and water for at least 20 seconds, or, if soap is not available, using hand sanitizer; avoiding close contact with people who are sick; staying at home when you are sick; and disinfecting frequently touched objects and surfaces.

What If My Employees Travel to China For Business?

As of January 27, 2020, the CDC has issued a level 3 health travel notice (the highest threat level) recommending that people avoid all nonessential travel to China.

Employers whose employees travel to and from China should keep in mind the following:

  • Consider whether to limit business travel to affected areas. While the current CDC travel notice does not specifically define “nonessential travel,” the General Duty Clause of the Occupational Safety and Health Act (OSHA) requires employers to furnish “employment and a place of employment which are free from recognized hazards that are causing or likely to cause the death or serious physical harm to … employees.”  Although the Occupational Safety and Health Administration (also referred to as OSHA) has not promulgated specific standards covering the Coronavirus, requiring employees to engage in nonessential business travel to China (or any other areas in which the risk of contagion is heightened) could create risk under the General Duty Clause, particularly in light of the CDC warning against nonessential travel.  For that reason, employers whose business may involve travel to China (or other areas that become subject to travel restrictions or otherwise experience an increase in the spread of the virus) should consider other available options for employees for the duration of the threat, such as videoconferencing.

By the same token, employers should also be prepared to respond to employees who may express concerns about traveling to affected areas due to the virus.  While an employer generally has broad discretion to decide the duties and requirements of a job and to discipline employees who fail to fulfill those requirements, as a practical matter employers may wish to consider offering employees reasonable alternatives to such travel.

Finally, while employers may implement restrictions on work-related travel to affected areas, employers should tread more carefully when attempting to police personal, non-work-related travel. That said, recent decisions in the Seventh, Eighth, and Eleventh Circuits have held that the disability discrimination protections of the ADA do not apply where an employer takes an employment action based on the potential for an employee to become ill and disabled in the future.  Specifically, the Eleventh Circuit found no liability under the ADA where an employer terminated an employee who requested time off to travel to Ghana to visit family because of the perceived risk that the employee would contract the Ebola virus, due to recent outbreaks of the disease in neighboring countries.  While courts have tended to take this view, it is worth noting that the EEOC has argued on at least one occasion that an employer acting on a potential future health condition may be viewed as “regarding” an employee as disabled as long as the condition otherwise qualifies as a disability under the law.  For this reason, employers should consider the risks with imposing a ban on personal, non-work-related travel to affected areas.

  • Provide relevant safety information to employees. Employers whose employees travel to affected areas should provide information to their employees about how the Coronavirus is transmitted, its symptoms, and how to avoid exposure – utilizing trusted and reputable sources such as the CDC. Employers would be well advised to also provide these employees with resources and contact information for local health departments and the CDC.
  • Understand that employee travel may be interrupted. The Chinese government has closed transit within and out of Wuhan and certain other areas of the Hubei Province. Hong Kong has also imposed certain restrictions on travel to and from the Chinese mainland. The United States is also re-routing passengers from Wuhan, China to certain designated airports (including Chicago O’Hare, Atlanta, New York JFK, Los Angeles, and San Francisco) for enhanced screening. While screening for common viruses usually takes several hours, officials have indicated that those suspected of having the Coronavirus could be delayed for up to a day if additional screening is needed.

What Should I Do if an Employee Has Recently Traveled to China or Otherwise May Have Been Exposed to the Coronavirus?

Employers should remember that the Americans with Disabilities Act (ADA) places certain restrictions on the kinds of inquiries that can be made into an employee’s medical status. Specifically, the ADA prohibits employers from making disability-related inquiries and requiring medical examinations, unless (1) the employer can show that the inquiry or exam is job-related and consistent with business necessity, or (2) where the employer has a reasonable belief that the employee poses a direct threat to the health or safety of the individual or others that cannot otherwise be eliminated or reduced by reasonable accommodation.

According to Pandemic Preparedness Guidance published in 2009 by the Equal Employment Opportunity Commission (EEOC) in the midst of the H1N1 influenza outbreak, whether a particular outbreak rises to the level of a “direct threat” depends on the severity of the illness.  Employers should look to the most up-to-date assessments being made by the CDC or other public health authorities, as they relate to the employer’s location, to determine the severity level of an illness and, in turn, whether an employee who potentially has been exposed to the illness may constitute a “direct threat.”  Employers should not rely on speculation or unofficial information when making determinations about whether there is a direct threat.  At the moment, the CDC is not classifying the Coronavirus as a pandemic and has not issued a heightened threat level for the United States.  However, the situation continues to rapidly evolve and we will provide updates should additional guidance be released by the CDC or other public health officials on this important issue.

All this being said, employers should keep in mind the following when it comes to employees who have traveled to affected areas:

  • Employers need not wait until an employee returning from travel develops symptoms to inquire about exposure to the Coronavirus. Inquiring about whether an employee has traveled to an affected area or about possible exposure to a contagious illness during such travel would not constitute a disability-related inquiry.  However, as discussed below, the extent to which an employer may act on the information received will depend on the most recent information available from the CDC or other public health officials.  Further, employers inquiring into whether employees have traveled to affected areas should do so of all employees known or believed to have recently traveled, rather than directing such inquiries only to employees of certain races, ethnicities, or national origins. Finally, employers should be mindful to keep confidential all medical-related information received from an employee, in accordance with the ADA.
  • Under certain circumstances, employers may require employees who have traveled to areas affected by serious health threats to stay home. If the CDC or other local public health officials recommend that people who visit specified locations remain at home for several days until it is clear they do not have illness symptoms, an employer may require an employee who traveled to an affected area to remain out of work for the suggested period of time.  While presently the CDC states that individuals who may have been in close contact with someone with the Coronavirus may continue with their daily activities so long as they are not showing any symptoms, employers should continue to monitor the CDC website for further developments. In the absence of a CDC directive that employees who have traveled to affected areas stay at home, an employer who is considering requiring such employees to remain home, they should consult with counsel.

What Other Things Should Employers Be Thinking About When it Comes to the Coronavirus?

  • Employers may – and should – send employees home if they exhibit potential symptoms of contagious illnesses at work. The EEOC has said that sending an employee home who displays symptoms of contagious illness would not run afoul of the ADA’s restrictions on disability-related actions because: (i) if the illness ultimately turns out to be relatively mild or “run of the mill” (such as seasonal influenza), then it would not have constituted a covered disability in the first place; and (ii) if the illness does turn out to be severe (such that it may constitute a disability under the law), then the actions would be warranted under a direct threat analysis. In either case, an employer can send an employee home who is displaying symptoms of contagious illness, even if this is against the employee’s wishes.  Employers should also consider making clear in their policies that employees who have symptoms of a potential contagious illness must not report to work while they are sick.
  • Determine whether the FMLA or other leave laws may apply. An employee who is experiencing a serious health condition or who requires time to care for a family member with such a condition may be entitled to take unpaid leave under the federal Family and Medical Leave Act (FMLA) or state-law analogues.  Employees may also be eligible for leave as a reasonable accommodation under the ADA or related state or local law, if the underlying condition constitutes a qualifying disability.  However, employees generally are not entitled to take FMLA or reasonable accommodation leave to stay at home to avoid getting sick (though an exception may exist where a preexisting medical condition is likely to be worsened by exposure to a contagious disease). Furthermore, employees in certain jurisdictions may be entitled to paid sick leave if needed to care for themselves or a sick family member in the event of an illness, or if their workplace or a child’s school or day care is closed due to a public health emergency.
  • Consider whether OSHA requirements may apply. While, as noted above, OSHA has not promulgated specific standards covering the Coronavirus, it has issued a notice indicating that employers should be aware of the following general standards to which employers may be subject under OSHA:
    • General Duty Clause: As discussed above, the OSHA General Duty Clause requires employers to furnish “a place of employment which [is] free from recognized hazards that are causing or likely to cause the death or serious physical harm to … employees.” To that end, there are some readily achievable steps that employers can take to prevent the spread of the Coronavirus (and other contagious illnesses) within the workplace, such as: providing hand sanitizer to employees, ensuring that surfaces and eating areas are disinfected regularly, and encouraging employees who are sick to stay home. Employers also may start to consider certain policy changes they may wish to implement in response to the Coronavirus should the situation become more severe in the U.S., such as allowing employees to work from home.
    • Personal Protective Equipment: OSHA requires that protective equipment, clothing, and barriers be provided whenever it is necessary to prevent employees from being exposed to environmental hazards. Employers are required to assess the workplace, determine if hazards are present, and if so, select and have employees use protective equipment. Employers whose employees may encounter individuals infected with the Coronavirus, such as those in the healthcare and travel industries, should begin to consider what protective equipment would be necessary to protect its workforce should the virus begin to spread within the United States.
    • Recordkeeping and Reporting Requirements: OSHA requires that certain employers keep a record of certain work-related illness and injuries (often referred to as an OSHA Form 300 log). While there is a regulatory exemption for recording instances of the standard cold and flu, OSHA has deemed the 2019 Novel Coronavirus a recordable illness when a worker is infected on the job. In addition, certain employers may be subject to reporting requirements under state and local law if they have a reasonable belief that a significant disease is present in the workplace.
    • Employers in Higher-Risk Industries: While, again, OSHA has yet to issue any standards or controls specific to Coronavirus, employers operating in industries where employees may be at a potential increased risk of exposure should prepare for the possibility that heightened requirements may be put in place. In the past, OSHA has issued such guidance for employers in industries such as healthcare, airlines, and mortuary services, such as during the MERS outbreak in 2015.

*          *          *

Information about the Coronavirus is constantly developing, so employers also should continue to refer to the CDCWHO, and OSHA websites for the latest on appropriate precautions, including changes to travel notices.  Of course, we will continue to monitor this situation and report on any updates as they develop.

© 2020 Proskauer Rose LLP.

Growing Number of States Enact Drug Pricing Transparency Laws

Drug prices continue to be a hot button issue in American politics.  While many of the Trump Administration’s efforts to curb increasing drug prices stalled in 2019, a number of state legislatures have adopted drug price transparency laws in recent years.  Since 2015, Vermont, Nevada, California, Maryland, Louisiana, New York, Oregon, Colorado, Connecticut, Maine, Texas, and Washington have all adopted drug pricing transparency laws.  These laws are designed to incentivize manufactures to lower drug prices by requiring them to report information about drug price increases and their justification for how drug prices are set.  We have been tracking and summarizing these laws, and you can find our summary here.

Below is a brief overview of the trends that we’re seeing in state drug price transparency laws.

  • State Laws Requiring Manufacturer Reporting on Drug Price Increases.  The most prevalent type of drug price transparency laws requires manufacturers to report an extensive amount of information about drug price increases.  Generally, states require manufacturers to report the information to a state government agency (e.g., Oregon), but other states (e.g., California) require manufacturers to provide advance notice of drug price increases to purchasers.  Generally, reporting requirements are triggered when the wholesale acquisition cost (WAC) increases over a certain dollar threshold or when the net increase of the WAC increases a certain percentage over the course of a year.
  • State Laws Requiring Manufacturer Reporting for Specific Drugs Identified by the State or Certain Types of Drugs. Several states (e.g., Connecticut and Vermont) authorize an independent board to compile a list of drugs on which the state spends significant dollars and/or for which the WAC has increased significantly over the past year or past five years.  Manufacturers of the drugs identified by the board are required to report certain information about the drugs’ costs and pricing.  The reporting requirements in other state laws are specific to certain types of drugs.  For example, Nevada’s drug price transparency law initially applied only to forms of insulin and biguanides, which are essential for diabetes treatment.  In 2019, Nevada expanded the law to apply to prescription drugs essential for asthma treatment as well.
  • State Laws Requiring Pharmacy Benefit Managers (PBMs) to Disclose Manufacturer Rebates.  These laws place accountability for drug price increases on PBMs by requiring them to disclose the amount of rebates they negotiate and retain from manufacturers.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

ARTICLE BY Rachel E. Yount of Mintz.
For more drug pricing transparency developments see the National Law Review Biotech, Food & Drug law page.