Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Time to Update Your HIPAA Compliance Plan for Telehealth Policies and Procedures

Client Alert
September 8, 2020

The delivery of healthcare in this country may be forever changed following the COVID-19 pandemic. Providing services through telehealth technologies initially allowed providers to connect with patients in a safe and socially distant manner and helped keep vital hospital beds free for COVID-19 care. Now, while still a safe, socially distant option, telehealth allows patients to access healthcare services in an efficient manner, decreases the likelihood of cancellations, and expands access to services that do not require an in-person encounter (i.e., surgery, procedure, or test). Telehealth is now widely reimbursed by both federal and commercial payors and more provider types are able to provide telehealth services within their licensed scope of practice.

While the use of technology by both providers and patients is now commonplace in the industry, protected health information (PHI) must be safe and secure. Providers are still obligated to keep PHI confidential and comply with the rules and requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). An increased frequency of technology introduces another avenue for potential risk and unauthorized uses or disclosures of PHI.

At the start of the COVID-19 public health emergency, the Office of Civil Rights (OCR), responsible for enforcing HIPAA, issued a notice of enforcement discretion to not impose penalties against healthcare providers for noncompliance with the regulatory requirements under HIPAA in connection with the good faith provision of telehealth through the duration of the national emergency. As of September 8, 2020, this enforcement discretion is still in place. It will not remain forever and enforcement actions are still at the decision of the OCR. Therefore, in a world with an increased use of technology for healthcare services and the risk of more unauthorized uses or disclosures of PHI, providers should still comply with all of the HIPAA rules and regulations and incorporate telehealth in a compliance plan and/or HIPAA policies and procedures.

The Healthcare and Hospital Law Department at Brennan Manna & Diamond, LLC is here to help account for telehealth and the increased use of technology in your current HIPAA compliance plan to ensure the safety and privacy of the PHI you create and/or maintain. The BMD team can help your practice mitigate risk in the ever changing healthcare delivery world. 

 

HealthcareCOVID-19telehealthtechnologyPHIHIPAAHIPAA ComplianceOCRregulatory requirementsenforcement actionscomplianceKevin CripeBMD Healthcare & Hospital Law Group
Client Alert

MYTH BUSTER: Can a New Chiropractor Bill Under An Established Chiropractor’s NPI?

May 14, 2026Many chiropractic practices mistakenly believe a newly hired chiropractor can bill under an established chiropractor’s NPI while waiting for credentialing approval. In most cases, this is not permitted. Claims should be submitted under the NPI of the chiropractor who actually rendered the service to avoid compliance risks, including potential False Claims Act exposure. This article outlines key billing rules, common exceptions, and practical compliance tips for chiropractic practices.Client Alert

RNs and APRNs Take Note: Ohio Board of Nursing Mandates a New CE Reporting Period

April 29, 2026Ohio’s Board of Nursing has updated the continuing education reporting period for RNs and APRNs. Beginning March 26, 2026, CE credits must be completed between July 1 and June 30 of odd-numbered years, replacing the previous November to October timeframe.Client Alert

Ohio Med Spas: Peptide Do's and Do Not's

April 29, 2026Recent guidance from the Ohio Board of Pharmacy outlines key compliance requirements for med spas using peptides. While some peptide drugs are FDA approved, others are not or cannot be compounded. Med spa operators should ensure they source medications from licensed suppliers, avoid non-approved or “research use only” products, and follow all compounding and storage regulations to maintain compliance and avoid enforcement actions.Client Alert

Substance Use Disorder Providers: 42 CFR Part 2 Now Enforceable

April 15, 2026Updates to 42 CFR Part 2 are now enforceable, bringing significant changes to how substance use disorder (SUD) records are handled. The Final Rule aligns Part 2 more closely with HIPAA, introduces updated penalties, allows a single patient consent for treatment, payment, and operations, and adds new requirements for Notices of Privacy Practices. It also creates a formal definition of SUD counseling notes and imposes strict consent requirements for their use and disclosure. Providers should review and update policies to ensure compliance.Client Alert

AAA Introduces AI-Assisted Arbitrator for Certain Disputes

April 7, 2026The American Arbitration Association has introduced an AI-assisted arbitration platform designed to streamline certain document-based disputes. While a human arbitrator still makes the final decision, the technology can improve efficiency, reduce costs, and accelerate case resolution. Companies should weigh these benefits against considerations such as transparency, risk, and contractual requirements before adopting AI-assisted arbitration.
Older posts