Skip to Content


Legal Barriers RSS feed

EHR Exception to Stark and Anti-Kickback Laws: New Products

The Federal Anti-Kickback Law and the Physician Self-Referral (Stark) Law prohibit the offer or receipt of kickbacks, bribes or rebates as well as certain financial arrangements between and among healthcare organizations including providers and health plans. Each law includes a number of exceptions (“safe harbors” in the Anti-Kickback Law) that protect innocuous arrangements without... Read More >

Rating the Quality of Qualified Health Plans Sold in the Marketplace

This brief by Sara Rosenbaum, published on Health Reform GPS, discusses the November 19, 2013 federal Notice presenting the Quality Rating System (QRS) framework for rating Qualified Health Plans (QHPs) offered in the health insurance Marketplaces (i.e., Exchanges) and requesting public comment by January 21, 2014 on the proposed framework. The brief summarizes the general provisions of the... Read More >

New Brief on Data Collection and Use in Health Insurance Exchanges

This brief, written by Taylor Burke, Lara Cartwright-Smith, and Sara Rosenbaum, discusses the new health insurance marketplaces created under the Affordable Care Act and associated structural and process-related regulations that aim to ensure the quality and value of plans sold. To qualify to be sold in these marketplaces, new plans must be certified as a "Qualified Health Plan" (QHP), meet... Read More >

Health Information Exchange: New Products Available

Health information exchange is the act of moving health-related information electronically among multiple organizations, while a Health Information Exchange (HIE) is a formal entity providing a set of services that enable the collection and sharing of a patient's information among participating organizations. The ability to exchange health information electronically is the foundation of efforts... Read More >

HIPAA Enforcement: New Products from Health Information & the Law

The Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services is responsible for enforcing the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.  OCR has been very active investigating and penalizing violations of the HIPAA Rules.  OCR's enforcement process includes investigating complaints filed by individuals,... Read More >

New Fast Facts Defining Key Terms of the HIPAA Privacy Rule

Covered entities (CEs) are organizations that must comply with the HIPAA Privacy Rule.  CEs are made up of health care providers, health care plans, and clearinghouses.  Additionally, the Privacy Rule permits covered entities to use and disclose PHI without patient consent for certain core activities: treatment, payment and healthcare operations.  While treatment and payment... Read More >

New Products on Limited Data Sets and De-Identified Data

A limited data set is a set of patient identifiable information with certain types of information removed, as described under the Health Insurance Portability and Accountability Act’s (“HIPAA”) Privacy Rule.  De-identified data, by contrast, is not considered PHI at all and thus not protected by the Privacy Rule. Covered entities may use and disclose de-identified data... Read More >

Substance Abuse Records and Part 2: New Products Now Available

42 CFR Part 2 ("Part 2") are federal regulations governing the confidentiality of drug and alcohol abuse treatment and prevention records. The regulations include requirements applicable to certain federally assisted substance abuse treatment programs limiting the use and disclosure of substance abuse patient records and identifying information. Generally, written patient consent is required in... Read More >

Health Insurance Marketplaces: New Products from Health Information & the Law

The Patient Protection and Affordable Care Act (ACA) requires a health insurance marketplace or exchange to be established in each state.  The marketplaces are entities organized to provide competitive markets for buying health insurance for individuals who do not get health care coverage through their employers and small businesses (in separate Small Business Health Options or SHOP Exchange... Read More >

New Myth Busters on Access to PHI Under HIPAA

The HIPAA Privacy Rule identifies two specific instances where covered entities are required to disclose an individual's PHI: to the individual and to the Secretary of the U.S. Department of Health and Human Services.  In addition to these required disclosures, the Privacy Rule allows a covered entity to disclose an individual’s PHI to a family member involved in the individual’s... Read More >