As provider groups and hospitals across the country began to embrace the use of electronic health records, the OMW Health IT team helped a multi-specialty pediatric provider group better align itself with the local children’s hospital through a Stark/Anti-Kickback compliant EHR Donation Arrangement. The provider group needed an EHR system that would be interoperable with the system deployed by the hospital in order to better coordinate care for its young patients. In compliance with the Stark/Anti-Kickback rules, we crafted an arrangement whereby the hospital donated 85% of the cost of the EHR system in addition to software support and upgrades to the physician group.

Following the 2009 HITECH Act and the EHR Incentive Program, we provided meaningful use related legal guidance to the physician practice to allow them to attest to the Medicaid EHR Incentive Program AIU requirement beginning in 2011. We assisted by analyzing patient volume requirements and by providing on-call legal guidance to meet the meaningful use requirements. The physician practice has successfully attested to meaningful use through 2014, including meeting the Stage 2 requirements.

With the release of the HITECH Act and the Omnibus HIPAA Rule, Business Associates both large and small have sought legal advice on compliance with HIPAA obligations. One of our clients, a medical device company that stores PHI and provides customer support to its customers, asked us to provide a comprehensive HIPAA training. Overwhelmed with the number of Business Associate Agreements and the variety of legal requirements pushed down by covered entity customers, our client sought legal guidance related to both compliance with the HIPAA Security Rule requirements as well as discerning the actual legal requirements for Business Associate Agreements.

Most importantly however, our client needed assistance in providing HIPAA related training to its employees. Due to the focus on the new HIPAA rules the sales team needed education on how to address customer concerns about HIPAA compliance in order to gain trust from covered entity customers. We provided onsite HIPAA training to the customer service staff, software engineers, and sales team on HIPAA compliance and identifying customer compliance concerns. In addition, we strategized with our clients on how to design data flow between the covered entity and Business Associate to minimize HIPAA related risks.

We get excited about working with startups and enjoy meeting with technology companies as they look to disrupt the healthcare market place. We help them to work within the confines of HIPAA rather than avoiding patient data altogether. Following a recent success in a local incubator, a software company approached the OMW Health IT Team for guidance on how to design its data strategy.

On behalf of our client we identified the sources of the data and when such data was considered protected health information versus healthcare information provided directly by an individual. We created HIPAA authorizations, website terms and conditions and privacy policy, and negotiated Business Associate Agreements on the client’s behalf. Acknowledging that consumer trust was paramount to success we aided our client in developing and implementing robust HIPAA Security Policies and Procedures.

And now, as our client is about to pivot to its next great adventure in the healthcare ecosystem we are there to aid the client in negotiating its relationships with other technology companies and covered entities alike.