HIPAA Archives - EMPLOYEE BENEFITS BLOG

Coverage of COVID-19 Testing and the End of the COVID-19 Emergency

by Jacob Mattinson, Sarah Raaii, Alden Bianchi and Teal Trujillo | Mar 8, 2023 | Employee Benefits, Health and Welfare Plans

A key feature of the COVID-19 National Emergency (NE) and the COVID-19 Public Health Emergency (PHE) was the government’s ability to provide access and coverage of COVID-19 tests. This resulted in overlapping legislation targeted at providing tests to benefit plan participants for free.

With the end of the NE and PHE set for May 11, 2023, there is confusion about what will happen to COVID-19 testing.

Starting on March 18, 2020, the Families First Coronavirus Response Act (FFCRA) required all public and private insurance coverage, including self-funded plans, to cover COVID-19 tests and costs associated with diagnostic testing with no cost-sharing for the duration of the PHE. The Coronavirus Aid, Relief, and Economic Security (CARES) Act enacted shortly after expanded this requirement to cover out-of-network tests during the PHE. The Consolidated Appropriations Act of 2021 (CAA) then took a new approach and applied the requirement to over-the-counter (OTC) COVID-19 tests and added additional obligations. Under guidance issued by the US Departments of Labor, Health and Human Services, and Treasury, effective January 15, 2022, health plans were required to cover up to eight free OTC at-home tests per covered individual per month. Health plans could limit the reimbursement of these tests to the lesser of the actual or negotiated price or $12 per test. Health plans could also provide tests through participating network providers, such as pharmacies or retailers.

When the PHE ends, health plans will no longer be required to cover COVID-19 tests, either diagnostic or OTC, or testing-related services with no cost-sharing.

Employers should consider whether they want to continue to cover COVID-19 tests as required by a doctor or OTC without cost sharing. There is no requirement to stop doing this after the PHE but doing so may have some implications on group health plans. Importantly, if an employer decides to continue covering testing at no cost, they should consider how this affects any employer-sponsored high-deductible health plan (HDHP). IRS Notice 2020-15 permitted HDHP coverage of COVID-19 testing with no cost-sharing without conflicting with HSA eligibility (see our article here). This relief continues until further guidance is issued. Though COVID-19 testing could be considered preventative care under Section 223 of the Internal Revenue Code, the US Department of Treasury will need to provide further clarification. Employers should also consider whether they want to continue to apply a $12 reimbursement cap on COVID-19 or some other limitation.

After the PHE, employers who choose to continue to cover COVID-19 tests at no cost or apply a reimbursement cap may need to amend their plans or summary plan descriptions for these practices. They will also need to coordinate with any insurer or third-party administrator of the employer’s group health plan to ensure proper administration. Depending on the timing of these amendments, they may also need to provide a summary of material modifications to participants. Employers who decide not to continue coverage of COVID-19 tests or apply a reimbursement cap may need to amend their plans, depending on whether [...]

Continue Reading

How Employers Need to Prepare for the End of the COVID Public Health Emergency and National Emergency

by Jacob Mattinson, Sarah Raaii, Alden Bianchi and Teal Trujillo | Mar 2, 2023 | Employee Benefits, Health and Welfare Plans

On January 30, 2023, the Biden administration announced its intention to make final extensions of both the COVID-19 National Emergency (NE) and the COVID-19 Public Health Emergency (PHE) through May 11, 2023, at which point both will end. These emergency declarations have been in place for nearly three years and have enabled the government to modify certain coverage requirements by Medicare, Medicaid and private insurance plans, as well as benefits administration rules. The end of the PHE and NE may mean added costs for benefits plans and new questions regarding compliance. This series will explore the implications of the PHE and NE and what their impending end may mean for benefit plan sponsors with articles released periodically before May 11.

There are several important benefit coverage and administration requirements connected to the PHE and/or NE that may remain the same, remain for a temporary period or may need to be discontinued upon the end of these federal emergencies. Over the course of the upcoming weeks, we will cover the key topics that may be triggered by the end of the PHE and/or NE, including:

COVID-19 Testing (Part 2 of 10)
COVID-19 Vaccines (Part 3 of 10)
Telehealth (Part 4 of 10)
Mental Health Parity (Part 5 of 10)
High Deductible Health Plans, Health Savings Accounts and Employee Assistance Plans (Part 6 of 10)
Deadline Tolling Applied to Each of:
- COBRA (Part 7 of 10)
- Claims and Appeals + External Review (Part 8 of 10)
- HIPAA Special Enrollment (Part 9 of 10)
- Other Plan-Related Notices (Part 10 of 10)

Note that the items covered above are not an exhaustive list of all legislative and regulatory changes that could affect employee benefit plans. This series is meant to keep employers informed about some of the most important upcoming changes and the impending decisions and disclosures that need to be made.

For any questions regarding the end of the PHE and/or NE, please contact your regular McDermott lawyer or one of the authors.

Major Changes Proposed to Substance Use Disorder Confidentiality Law

by Scott Weinstein, Edward G. Zacharias, Abby Higgins and Li Wang | Jan 24, 2023 | Employee Benefits, Health and Welfare Plans

In a Notice of Proposed Rulemaking published December 2, 2022 (the Proposed Rule), the United States Department of Health and Human Services (HHS) proposed long-awaited changes to the regulations protecting the confidentiality of substance use disorder patient records under Part 2 of Title 42 of the Code of Federal Regulations (42 CFR Part 2, or Part 2). Specifically, the Proposed Rule would implement provisions of Section 3221 of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), which required HHS to align Part 2 with certain provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and to make certain changes to the HIPAA Notice of Privacy Practices, the form given to patients and plan members that describes patient privacy rights, covered entity duties, and the covered entity’s uses and disclosures of protected health information (PHI).

HHS Issues Guidance on Requirements Under HIPAA for Online Tracking Technologies, Addressing Privacy and Security Concerns Related to Health Information

by Jennifer S. Geetter, Elliot R. Golding, Amy C. Pimentel, Scott Weinstein, Edward G. Zacharias and Marine Margaryan | Dec 20, 2022 | Privacy and Data Security

On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules (HIPAA Rules) when using online tracking technologies, such as cookies, web beacons and pixels. The Bulletin aims to provide further clarity on when identifiable information collected by such tracking technologies may also constitute protected health information (PHI) as defined and interpreted under the HIPAA Rules. In such instances, the Bulletin instructs that the technology vendor may be seen as providing a service to the regulated entity that would, in light of the use and disclosure of PHI, create a direct or downstream business associate relationship. Accordingly, the Bulletin states that the regulated entities would need to enter into a business associate agreement (BAA) with the vendor of the technology (and the vendor would, in turn, become a regulated entity) and meet other requirements under the HIPAA Rules. The Bulletin provides long-awaited guidance to help regulated entities review their positions and procedures concerning tracking technologies to ensure that the trackers they implement either do not collect PHI or meet the prerequisites outlined in the Bulletin.

Access the full article.

HIPAA Faces Test in New Abortion Reality

by Scott Weinstein | Sep 16, 2022 | Employee Benefits, Health and Welfare Plans

Doctors across the country are encountering a minefield of legal risks as they navigate a post-Roe reality. In this Axios article, McDermott Partner Scott Weinstein offers perspective on the Health Insurance Portability and Accountability Act (HIPAA) and health information disclosure.

Access the article.

Navigating Data Privacy Questions Post-Dobbs

by Scott Weinstein, Jayda Greco, David Quinn Gacioch, Daniel F. Gottlieb and Carolyn Metnick | Aug 10, 2022 | Digital Health, Employee Benefits, Health and Welfare Plans

The US Supreme Court’s recent decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health Organization has raised many questions about potential efforts by law enforcement agencies to obtain data from healthcare and other service providers to detect the performance of a possibly unlawful abortion. For example, data collected by period-tracking apps, patients’ self-reported symptoms, or diagnostic-testing results might be used to establish the timeframe in which an individual became pregnant, and then demonstrate that a pregnancy was terminated, as part of investigative or enforcement efforts against individuals or organizations allegedly involved in such termination.

On June 29, 2022, the office within the US Department of Health and Human Services (HHS) that is responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA), the Office for Civil Rights (OCR), issued guidance addressing how HIPAA limits disclosures by covered entities and business associates to law enforcement agencies in the absence of a court order or other legal mandate. The guidance provides helpful insight on how OCR may use HIPAA enforcement to discourage unauthorized disclosures of protected health information (PHI) to law enforcement officials in the wake of new state laws outlawing abortion. The guidance also implicitly confirms, however, that HIPAA does not provide a complete shield against law enforcement and litigation-driven requests for abortion-related information.

FTC Issues Policy Statement Expanding Interpretation of Health Breach Notification Rule’s Scope

by Carolyn Metnick, Edward G. Zacharias and Sam Siegfried | Oct 13, 2021 | Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security

On September 15, 2021, the Federal Trade Commission (FTC) voted 3–2 along party lines (with Republican commissioners dissenting) to issue a policy statement announcing an expansive interpretation of the FTC’s Health Breach Notification Rule, 16 CFR Part 318 (the Rule). According to the policy statement, the Rule applies to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (HIPAA) but are capable of drawing information from multiple sources—for example, through a combination of consumer inputs and application programming interfaces (APIs).

Protecting the Telehealth Consumer: FTC and State-Based Considerations

by Jiayan Chen | Sep 21, 2021 | Digital Health, Employee Benefits, Health and Welfare Plans, Privacy and Data Security

Telemedicine in the United States is facing an important crossroads. While telehealth services have demonstrated their value as an integral part of care delivery, federal and state waivers instituted during the COVID-19 pandemic are likely to expire soon. As lawmakers and agency officials consider updated or expanded digital health rules, regulators are expected to intensify their scrutiny of providers.

In this webinar, McDermott partners Jiayan Chen and Brian J. Boyle explore consumer protections for telehealth consumers, including the following:

Privacy considerations beyond the Health Insurance Portability and Accountability Act of 1996, including Federal Trade Commission requirements;
How to prepare for the Health Breach Notification Rule;
The ins and outs of advertising telehealth, including claims, endorsements and social media;
Strategies for engaging with users in the digital environment; and
Increased fraud enforcement.

Access the webinar.

COVID-19 Vaccine Q&A

by Joseph K. Mulherin, Kathleen Quinn, Troy Van Dongen and McDermott Will & Emery | Jul 7, 2021 | Employee Benefits, Employment, Health and Welfare Plans

Can employers mandate some employees get the vaccine and not others? Is there an obligation to consider requiring a COVID-19 test before coming back to work? What are the potential workers’ compensation claims relating to possible adverse reactions to a vaccine? Should employers mandate vaccinations?

In this article, McDermott partners Carole Spink, Joseph Mulherin, Kathleen Quinn and Troy Van Dongen answer common employer questions about the COVID-19 vaccine.

Access the article.

VIDEO: Transfers of Health Data from the European Union to the United States in a Post-Schrems II World

by Amy C. Pimentel and Romain Perray | May 27, 2021 | Employee Benefits, Health and Welfare Plans, Privacy and Data Security

In this video, McDermott Will & Emery partner Amy C. Pimentel explains the significance of health data transfers from the European Union to the United States in a post-Schrems II world. The recent Schrems II ruling invalidated the EU-US Privacy Shield, holding that the US legal regime on access to personal data does not contain adequate limitations and safeguards. Pimentel and McDermott’s Romain Perray recently also wrote for McDermott’s International News about this topic.

Access the article.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

RECENT POSTS