Skip to Content


Legal Barriers RSS feed

New Products on ERISA Preemption of State Reporting Laws

On February 4, 2014, the U.S. Court of Appeals for the Second Circuit invalidated a Vermont law requiring health insurers to regularly submit health care data to a centralized database. The Second Circuit held that the state's law (as it applied to employee benefit plans) was preempted by the Employee Retirement Income Security Act of 1974 (ERISA), which governs employee benefit plans. ERISA... Read More >

New Products on Data Use Agreements

The HIPAA Privacy Rule establishes minimum federal requirements for the use and disclosure of protected health information (PHI) by covered entities. However, if a covered entity seeks to release PHI to a non-covered entity for research, public health activities or health care operations, then the covered entity may do so only in a “limited data set” and with an accompanying Data... Read More >

New products available on the proposed HIPAA amendments impacting the federal firearm background check database

The National Instant Criminal Background Check System (NICS) is a federal database containing the names of individuals prohibited under federal law from purchasing a firearm. Recently, the Department of Health and Human Services (HHS) announced a proposed rule amending the HIPAA regulations (governing the privacy and security of individually identifiable health information) to expressly permit... Read More >

EHR Exception to Stark and Anti-Kickback Laws: New Products

The Federal Anti-Kickback Law and the Physician Self-Referral (Stark) Law prohibit the offer or receipt of kickbacks, bribes or rebates as well as certain financial arrangements between and among healthcare organizations including providers and health plans. Each law includes a number of exceptions (“safe harbors” in the Anti-Kickback Law) that protect innocuous arrangements without... Read More >

Rating the Quality of Qualified Health Plans Sold in the Marketplace

This brief by Sara Rosenbaum, published on Health Reform GPS, discusses the November 19, 2013 federal Notice presenting the Quality Rating System (QRS) framework for rating Qualified Health Plans (QHPs) offered in the health insurance Marketplaces (i.e., Exchanges) and requesting public comment by January 21, 2014 on the proposed framework. The brief summarizes the general provisions of the... Read More >

New Brief on Data Collection and Use in Health Insurance Exchanges

This brief, written by Taylor Burke, Lara Cartwright-Smith, and Sara Rosenbaum, discusses the new health insurance marketplaces created under the Affordable Care Act and associated structural and process-related regulations that aim to ensure the quality and value of plans sold. To qualify to be sold in these marketplaces, new plans must be certified as a "Qualified Health Plan" (QHP), meet... Read More >

Health Information Exchange: New Products Available

Health information exchange is the act of moving health-related information electronically among multiple organizations, while a Health Information Exchange (HIE) is a formal entity providing a set of services that enable the collection and sharing of a patient's information among participating organizations. The ability to exchange health information electronically is the foundation of efforts... Read More >

HIPAA Enforcement: New Products from Health Information & the Law

The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services is responsible for enforcing the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.  OCR has been very active investigating and penalizing violations of the HIPAA Rules.  OCR's enforcement process includes investigating complaints filed by individuals,... Read More >

New Fast Facts Defining Key Terms of the HIPAA Privacy Rule

Covered entities (CEs) are organizations that must comply with the HIPAA Privacy Rule.  CEs are made up of health care providers, health care plans, and clearinghouses.  Additionally, the Privacy Rule permits covered entities to use and disclose PHI without patient consent for certain core activities: treatment, payment and healthcare operations.  While treatment and payment... Read More >

New Products on Limited Data Sets and De-Identified Data

A limited data set is a set of patient identifiable information with certain types of information removed, as described under the Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy Rule.  De-identified data, by contrast, is not considered PHI at all and thus not protected by the Privacy Rule. Covered entities may use and disclose de-identified data... Read More >