CT Expands Telehealth via Telephone to Other Providers and Addresses HIPAA Compliance

By executive order late yesterday, Governor Ned Lamont expanded permission to offer “audio-only” telehealth services to commercial insurer’s in-network providers furnishing covered telehealth services. Two days ago, the Governor granted this permission to Medicaid providers serving Medicaid beneficiaries. The Executive Order also addresses licensure and location requirements and conditions for other providers wishing to offer telehealth services. Additionally, the order assures providers that compliance with federal agency guidance on HIPAA is adequate to meet state law.

CT DSS Announces that Medicaid will Cover Telehealth Services Delivered Via Telephone

Just one week ago, Medicaid in Connecticut did not cover telehealth services. Then, DSS issued Provider Bulletins 2020-09 and 2020-10 providing for emergency temporary telehealth coverage in response to the Covid-19 pandemic. Today, the Connecticut Department of Social Services (DSS) issued Provider Bulletin 2020-14, which further expands Medicaid reimbursement to include telehealth delivered via telephone.

DHHS Waives Certain Compliance Requirements for Providers

DHHS announced waivers of various compliance requirements for providers to ease administrative and operational burdens during this pandemic. I think the theme here is that providers just need to do the best that they can during these challenging times. Those that prioritize patient care, act reasonably and in good faith and do not commit fraud or abuse will be spared from enforcement actions.

Final Rules on Interoperability and Information Blocking Released

Yesterday, the Centers for Medicare and Medicaid Services (CMS) and the Office of the National Coordinator of Health Information Technology (ONC) released their long-awaited final rules on interoperability and information blocking.

First HIPAA Enforcement Action of 2020: Provider Size Does Not Matter but the Content of Its Breach Report Does

Lessons from the first enforcement action of 2020: (1) No covered entity is immune from HIPAA enforcement. (2) Craft factual breach reports that leave no unanswered questions and do not unnecessarily grab OCR’s attention.

Variations on Ransomware Tormenting Law Firms and Women

A relatively new kind of ransomware is targeting law firms and publicly shaming them into paying the ransom or risk having the firm’s data dumped on the internet. In other ransomware news, instead of money, some hackers are demanding photos of women’s body parts.

CA AG’s Office Releases Modified Proposed CCPA Regulations

The proposed modifications provide much-needed clarity to covered businesses in advance of the enforcement deadline and show that the AG seriously considered the comments and feedback it received. This post offers a very brief summary of some of the notable changes.