Publications

Health Law Washington Beat: International Edition Issue 1



3/18/2009

In This Issue

* * *

Margaret “Peggy” Hamburg Nominated to Head U.S. Food and Drug Administration

On March 14, 2009, U.S. President Obama nominated Dr. Margaret Hamburg to lead the United States Food and Drug Administration (FDA) and Dr. Joshua Sharfstein to be her deputy. The FDA is the agency responsible for overseeing the safety of food, drugs, and medical devices in the United States and has faced harsh criticism in the wake of recent food poisoning outbreaks and questions surrounding drug safety.

Dr. Hamburg is a physician and a bioterrorism expert, and led the New York City Health Department when the city was battling an outbreak of drug-resistant tuberculosis. She also served as an assistant health secretary under President Clinton in the late 1990s. Dr. Sharfstein, health commissioner for the city of Baltimore, Maryland, is a pediatrician who pushed the FDA for new labeling requirements to restrict the use of over-the-counter cold medicines for young children. The selection of Drs. Hamburg and Sharfstein demonstrates President Obama’s commitment to improving food and drug safety in the United States. Dr. Hamburg’s nomination must be confirmed by the U.S. Senate before she assumes this new role.

 

U.S. President Obama Selects Sebelius, DeParle to Lead Health Care Reform

On March 2, 2009, U.S. President Obama announced the appointment of Kansas Governor Kathleen Sebelius (D) as Health and Human Services (HHS) secretary and Nancy-Ann DeParle as director of the White House Office for Health Reform (a/k/a the White House “health czar”). These two appointments fill the void left by former Senate Majority Leader Tom Daschle, who was nominated for HHS secretary and health czar in December by then President-elect Obama.

DeParle served as CMS Administrator during the Clinton administration, from 1997-2000. She currently serves as managing director of CCMP Capital and sits on the boards of several corporations, including Medco Health Solutions and Boston Scientific, although she will resign from her board posts. As the new health czar, DeParle will serve as the president’s health policy counselor, and will report to the president and Chief of Staff Rahm Emanuel. DeParle’s appointment does not require Senate confirmation.

Sebelius served as Kansas’ insurance commissioner before becoming governor and has a reputation for bipartisan problem-solving. Sebelius’ nomination is subject to Senate approval. The confirmation hearing has not yet been scheduled, and Sebelius has said that she will continue to focus on Kansas’ issues right up until she’s confirmed. Once confirmed, Sebelius would be a member of President Obama’s cabinet and would advise the president on health, welfare, and income security plans, policies, and programs of the U.S. government; she would also, among other things, direct HHS staff to carry out the approved programs and activities of HHS.

 

U.S. President Obama Signs the American Recovery and Reinvestment Act of 2009 - Act Includes Billions of Dollars in Funding for the Promotion of Health Information Technology

The American Recovery and Reinvestment Act of 2009, P.L. 111-5, (the “Act”) that was signed into law on February 17, 2009 by U.S. President Obama provides for $787 billion in spending and tax incentives to help boost the U.S. economy. One of the most anticipated provisions of the Act relates to the national implementation of health information technology (HIT). HIT is defined as hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by health care entities or patients for the electronic creation, maintenance, access, or exchange of health information. The Act provides $2 billion in start-up funds to promote and implement HIT, with a goal of utilization of an electronic health record by each person in the U.S. by 2014. In addition, the Act provides about $17 billion in payments to providers to encourage the use of electronic health records. All of this funding will be distributed by HHS.

Obtaining Funds

There are several ways that private entities can obtain the funding that is available through federal grants or contracts. First, HHS can provide financial assistance to entities called Regional Extension Centers, which must be, among other things, affiliated with a U.S.-based nonprofit institution and would provide technical assistance and best practices to providers to help accelerate the adoption, implementation, and effective use of health information technology. These Regional Extension Centers could receive financial assistance for up to four years, with funding limited to 50% of the capital and annual operating and maintenance costs.

Second, the Act allows HHS to award grants to a state or qualified state-designated entity to assist in the expansion of the electronic exchange and use of health information. Such assistance includes: enhancing broad participation in the national electronic use and exchange of health information; providing technical assistance in the development of solutions to exchange electronic health information; assisting patients in using health information technology; and promoting the use of electronic health records for quality improvement measures.

Last, the Act provides payments to Medicare and Medicaid providers who demonstrate use of certified electronic health records. Medicare physicians, who are not hospital-based, are eligible for incentive payments of up to $18,000 (in the first year), if they show meaningful use of electronic health records. An eligible hospital is also entitled to incentive payments of $2 million plus an applicable discharge-related amount. In addition, Medicaid providers who use electronic health records are eligible for additional funding that is designated to cover state spending on the purchase, adoption, and use of electronic health records.

Recommendations Committees

In addition to the funding provisions, the Act establishes committees to make recommendations related to identifying how to expand and implement a national infrastructure. The committees will provide recommendations to ensure that each person uses electronic health records by 2014 and to identify standards, specifications, and certification criteria for the electronic exchange of health information.

Other Appropriations for HIT

In addition to the funds appropriated to HHS, the Act provides funding to other agencies to promote HIT. The other appropriations include:

  • $4.7 billion to the National Telecommunications and Information Administration for the “Broadband Technology Opportunities Program”;
  • $85 million to the Indian Health Service for health information technology activities such as telehealth services development and related infrastructure requirements;
  • $2.5 billion to the Health Resources and Services Administration for grants to health centers, construction, renovation and equipment, and for the acquisition of health information technology systems, for health centers; and
  • $2.5 billion to the Rural Utilities Service for broadband loans, loan guarantees, and grants for broadband infrastructure in any area of the United States.

Implementation Challenges

The road to implementing the Act will be a rocky one. The existing hesitation of healthcare providers in adopting health information technology, coupled with the withdrawal of Tom Daschle’s nomination as the Secretary of HHS, present many obstacles for a quick and efficient implementation process. However, as the industry begins to realize the benefits of utilizing this technology (e.g. reduction in medical errors, quality improvement, and efficiency) and the existence of added privacy and security protections provided under the Act, the adoption and use should grow exponentially. For more information on the HIT initiative, please see Mintz Levin's February 26 Washington Beat, domestic edition.

 

Act Expands HIPAA Privacy and Security Rules

The Act includes three key changes relating to the health information privacy and security standards under the Health Insurance Portability and Accountability Act of 19961 (HIPAA) that will significantly impact those organizations that must comply with HIPAA (Covered Entities) and their contracted third-party vendors (Business Associates) that use or disclose health information on a Covered Entity’s behalf. These changes are:

1) new notice requirements in the event of a security breach;

2) extension of HIPAA’s privacy and security compliance obligations to Business Associates; and

3) stronger enforcement powers for federal and state regulatory agencies. With certain exceptions, Covered Entities and their Business Associates must implement the changes by February 17, 2010.

Breach Notification

The new breach notification requirement will oblige Covered Entities to notify affected individuals and HHS in the event of a breach of “unsecured” protected health information (PHI). The Act defines “unsecured” PHI as PHI that is not protected by “technologies and methodologies that render Protected Health Information unusable, unreadable, or indecipherable to unauthorized individuals.” Unencrypted PHI is a prime example.

New Business Associate Obligations

Prior to the Act’s enactment, HIPAA’s privacy and security compliance obligations did not apply to Business Associates. The Act applies HIPAA security standards directly to Business Associates and provides civil and criminal penalties for violations. This will significantly increase the compliance obligations for organizations in the HIT field and for others who provide services to Covered Entities involving the creation, use or disclosure of PHI. The Act also makes Business Associates directly responsible for complying with HIPAA’s implementation specifications for Business Associate Agreements, compliance obligations that were previously the responsibility of the Covered Entity.

HIPAA Enforcement

The Act expands HIPAA enforcement beyond the federal government and permits a State Attorney General to bring a civil action if he or she believes that the interests of one or more state residents is threatened or adversely affected as a result of a HIPAA violation. The State Attorney General may pursue injunctive relief or civil damages.

Because of the Act’s expanded enforcement requirements, Covered Entities will need to revisit existing privacy and security policies and forms—such as Business Associate Agreements. Business Associates will face significant new compliance obligations, including the adoption of privacy and security policies and procedures. For more information on the Act’s HIPAA provisions, please see Mintz Levin's February 26 Washington Beat, domestic edition.

Endnotes

1 Pub. L. No. 104-191, 110 Stat. 2021-2031 (August 21, 1996).

For assistance in this area, please contact one of the attorneys listed below or any member of your Mintz Levin client service team.

MEMBERS

Susan W. Berson
Managing Member,
Washington, D.C. Office
SBerson@mintz.com

Robert D. Clark
Managing Member, Health Law Practice
RDClark@mintz.com

Hope S. Foster
HSFoster@mintz.com

Karen S. Lovitch
KSLovitch@mintz.com

ASSOCIATES

Stephen R. Bentfield
SRBentfield@mintz.com

Shawneequa L. Callier
SLCallier@mintz.com

Theresa C. Carnegie
TCCarnegie@mintz.com

Lauren N. Haley
LNHaley@mintz.com

Sarah A. Kaput
SAKaput@mintz.com

Katina W. Lee
KLee@mintz.com

Carrie A. Roll
CARoll@mintz.com

Tara E. Swenson
TESwenson@mintz.com

Heather L. Westphal
HLWestphal@mintz.com

Jennifer E. Williams
JEWilliams@mintz.com

www.mintz.com

Publications Search

Archive

Accomplished Clients Accomplished Clients