© 2017 Foley Hoag LLP. All Rights Reserved.
HIPAA, Industry-Provider Interactions, and Related Compliance Matters
MichBIO Bioscience Regulatory Compliance Workshop
January 17, 2017
Colin J. Zick
Co-Chair, Health Care and Data Privacy and Security Practices
Foley Hoag LLP
(617) 832-1275
czick@foleyhoag.com
It’s Good to Be Back….
Overview: Privacy, Security and Industry-Provider Interactions
Data privacy and security issues are driven by more and more data.
Industry-provider interactions have grown and evolved, despite scrutiny and regulation.
These areas pose distinct and significant challenges for biotechs.
an Effective Compliance Plan
The OIG Compliance Guidance lists seven elements of an effective compliance plan:
1) implementing written policies and procedures;
2) designating a compliance officer and compliance committee;
3) conducting effective training and education;
4) developing effective lines of communication;
5) conducting internal monitoring and auditing;
6) enforcing standards through well-publicized disciplinary guidelines; and
7) responding promptly to detected problems and undertaking corrective action.
All That Data!
Therapies, diagnostics, and connected devices now gather huge amounts of data.
That data can be more valuable than the “thing” that is treating, diagnosing, or connecting, provided you have the legal ability to use that data, by:
– Direct consent
– Operation of law
– Aggregation/anonymization
2016: A Busy (and Dangerous) Year for Data and Data Security
• The flip side: breaches and cyber attacks continue to occur at a high frequency.
• A high percentage of the known breaches/attacks could have been prevented.
• While some attacks are very high tech, low tech attacks are very popular and often successful.
• Perpetrators know this and exploit human and systemic weaknesses.
The Worst Case….
Dick Cheney’s Heart
In 2008, a team of security researchers proved they could gain access through a pacemaker’s wireless control system.
Vice President Cheney had an implanted pacemaker.
This led to the communications capabilities of his pacemaker being disabled.
“Disconnection” is not a viable business model.
What is Protected By Law? “Personal Information”
“Personal Information”:
• Individual’s name + one or more of the following:
– Social Security number
– Financial account number
– Credit card number
– Driver’s license number
– Biometric indicators (fingerprints, DNA, voice print)
• Personal facts
– Financial
– Health
– Family
• Medical records and health information
HIPAA Overview
What is HIPAA?
– “Health Insurance Portability and Accountability Act of 1996”
– A federal statute with related regulations and guidance
What does HIPAA do?
– The statute covers a lot of different subjects. The focus of this session is the part of HIPAA that deals with confidentiality of Protected Health Information (“PHI”), which is referred to as “administrative simplification”
– PHI is any “individually identifiable health information” that is transmitted by a “covered entity” in connection with specified electronic transactions (which makes it “ePHI”)
Does HIPAA Apply to Biotech Companies?
What kinds of businesses are HIPAA “covered entities”?
– Health care providers
– Health plans
– Health care clearinghouses
Biotechs may be considered a HIPAA “covered entity”
– Could also be a HIPAA “business associate” working with various types of health care providers, who themselves are HIPAA “covered entities”.
Is HIPAA Relevant If You Are Not a “Covered Entity”?
Even if HIPAA does not literally apply, it is a widely accepted standard for health information and its management.
Courts will look to HIPAA for guidance in determining what is appropriate under the laws of the states in which you do business.
Therefore, even if you are not a “covered entity,” you need to know, understand and apply HIPAA’s standards for privacy and security of health information.
Disclosure and Use Under HIPAA
With notice (treatment, payment and health care operations)
With authorization (marketing, research)
Subject to objection (family, friends, clergy)
By HIPAA “override” (public health, law enforcement, certain research)
Keys to Protecting Personal Information
Awareness
Physical Security
Electronic Security
Data Retention/Destruction
Security Risks – Wikileaks Type Email Hacks
• How did Team Clinton fail?
– Inappropriate IT vetting of phishing scam
– Podesta failed to use two-factor authentication
– Poor virtual situational awareness
Information Security Risks
Spoofing and Identity Theft
– A major issue, and not just for credit card companies, but for any entity that has an individual’s:
• Name
• Address
• Email address
• Social Security number
• Financial account number(s)
• Credit card number(s)
• Driver’s license number
Confidential Information Breaches and Leaks
– Impact on customers and customer relations
– Negative PR for “brand”
Contracts and Data Use
Contracts are key to data use:
– Consents and authorizations
– Terms of use and privacy policies
– Notices of privacy practices
– Licenses
– HIPAA business associate agreements
Industry-Provider Interactions
Basic principles: Avoid fraud, abuse, kickbacks
What are the relevant laws?
– Federal and state anti-kickback statutes
– Federal and state false claims acts
– Federal Stark anti-self-referral law and state analogues
– Federal and state Sunshine Acts/physician transparency laws
– Federal exclusion sanctions
Relevant Marketing Codes Governing Industry-Provider Interactions
• OIG Compliance Guidance: Compliance Program Guidance for Pharmaceutical Manufacturers, issued by the Department of Health and Human Services Office of Inspector General, 68 Fed. Reg. 23731 (May 5, 2003)
• Trade Association Codes:
– PhRMA Code on Interactions with Healthcare Professionals
– AdvaMed Code of Ethics on Interactions with Healthcare Professionals
– International Federation of Pharmaceutical Manufacturers & Associations Code of Pharmaceutical Marketing Practices
– Association of the British Pharmaceutical Industry Code of Practice
Federal Anti-Kickback Statute
• The federal anti-kickback statute (AKS) makes it a criminal offense to knowingly and willfully offer, pay, solicit or receive any remuneration to induce referrals of items or services reimbursed by federal health care programs.
– Payments, credits or other forms of remuneration provided to Medicare/Medicaid beneficiaries can implicate the federal anti-kickback statute, 42 U.S.C. § 1320a-7b(b).
– However, if no federal programs currently reimburse the product/service and you do not believe that any federal programs will pay for the product/service for an extended period of time, then the federal anti-kickback statute is probably not applicable.
Anti-Kickback Statute (cont.)
• Remuneration includes anything of value and can take many forms besides cash, such as free rent, expensive hotel stays and meals, and excessive compensation for medical directorships or consultancies. In some industries, it is acceptable to reward those who refer business to you. However, in the Federal health care programs, paying for referrals is a crime.
• The statute covers the payers of kickbacks (those who offer or pay remuneration) as well as the recipients of kickbacks (those who solicit or receive remuneration). Each party’s intent is a key element of their liability under the AKS.
• Generally, the difficulty in determining potential liability lies in distinguishing between:
– remuneration intended to induce referrals; and
– remuneration paid to the referral source in return for legitimate services and in appropriate amounts
Anti-Kickback Statute (cont.)
• Criminal penalties and administrative sanctions for violating the AKS include fines, jail terms, and exclusion from participation in the Federal health care programs.
– Under the civil monetary penalty provisions, physicians who pay or accept kickbacks also face penalties of up to $50,000 per kickback plus three times the amount of the remuneration.
• Safe harbors protect certain payment and business practices that could otherwise implicate the AKS from criminal and civil prosecution.
– To be protected by a safe harbor, an arrangement must fit squarely in the safe harbor and satisfy all of its requirements.
– Some safe harbors address personal services and rental agreements, investments in ambulatory surgical centers, and payments to bona fide employees.
Stark Law: What Is It and What Services Are Covered By It?
Stark prohibits certain physician referrals to entities they have an interest in:
• Clinical laboratories
• Physical therapy
• Occupational therapy
• Certain radiology services
• Radiation therapy services and supplies
• Durable medical equipment and supplies
• Parenteral and enteral nutrients, equipment, and supplies
• Prosthetics, orthotics, and prosthetic devices and supplies
• Home health services
• Outpatient prescription drugs
• Inpatient and outpatient hospital services
The Federal Sunshine Act
• Enacted as Section 6002 of the Patient Protection and Affordable Care Act (“ACA”) on March 23, 2010.
• Creates significant new legal obligations for drug and device manufacturers.
• Requires every “applicable manufacturer” to file an annual disclosure report with the federal government. (Requires actual sales….)
• This annual report must detail the manufacturers’ financial relationships with physicians and teaching hospitals (“covered recipients”) over the previous year.
• Known as the “Sunshine Act” provisions, since they were originally proposed in 2007 as the “Physician Payments Sunshine Act” (sponsored by Senators Charles Grassley and Herb Kohl).
• Unlikely to be repealed….
• Several states have similar reporting laws or outright prohibitions.
Sunshine Act Basics
Disclosure
– Requires manufacturers to disclose almost all payments and “transfers of value” made to physicians or teaching hospitals.
– Requires manufacturers to disclose specific payments made to physicians and teaching hospitals, rather than simply disclosing aggregate payments.
– Disclosures will be made public in an online, searchable database.
Penalties
– Imposes significant financial penalties on manufacturers for noncompliance.
Sunshine Act Penalties
• Manufacturers can face two types of noncompliance penalties: one for unknowing failures to report, and one for knowing failures to report.
• Unknowing Failures to Report
– Subject to a penalty of between $1,000 and $10,000 for each unreported payment, transfer, or ownership interest.
– Total penalties for unknowing omissions are capped at $150,000 annually.
• Knowing Failures to Report
– Subject to significantly steeper penalties: between $10,000 and $100,000 for each unreported payment, transfer, or ownership interest.
– Total penalties for knowing omissions are capped at $1,000,000 annually.
Colin Zick
Partner and Co-Chair, Health Care and Privacy & Data Security Practice Groups
Foley Hoag LLP
czick@foleyhoag.com
617.832.1275

More Related Content

What's hot

Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpraudrey miguel
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.Matthias Dobbelaere-Welvaert
 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and SecurityPYA, P.C.
 
Healthcare Transactions and Compliance
Healthcare Transactions and ComplianceHealthcare Transactions and Compliance
Healthcare Transactions and ComplianceCurtis Bernstein
 
Future trends for legal services
Future trends for legal servicesFuture trends for legal services
Future trends for legal servicesKatrin Stefanicki
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...Carrenza
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliantSiddharth Ram Dinesh
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Ulf Mattsson
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...Epstein Becker Green
 
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Jean-François LOMBARDO
 
What is CJIS Compliance?
What is CJIS Compliance?What is CJIS Compliance?
What is CJIS Compliance?DoubleHorn
 
Ready or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsReady or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsPYA, P.C.
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? N-iX
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security:  What Every New Business Needs to KnowPrivacy and Information Security:  What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumImpact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumConstantine Karbaliotis
 

What's hot (20)

Cognizant business consulting the impacts of gdpr
Cognizant business consulting   the impacts of gdprCognizant business consulting   the impacts of gdpr
Cognizant business consulting the impacts of gdpr
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
 
Hot Topics in Privacy and Security
Hot Topics in Privacy and SecurityHot Topics in Privacy and Security
Hot Topics in Privacy and Security
 
Healthcare Transactions and Compliance
Healthcare Transactions and ComplianceHealthcare Transactions and Compliance
Healthcare Transactions and Compliance
 
Future trends for legal services
Future trends for legal servicesFuture trends for legal services
Future trends for legal services
 
Privacy Year In Preview
Privacy Year In PreviewPrivacy Year In Preview
Privacy Year In Preview
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliant
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...
Choosing Initial and Expansion States for Your Telehealth Practice – Essentia...
 
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
Eic munich-2019-ripple effect of gdpr in na- cx pa-rev20190430
 
What is CJIS Compliance?
What is CJIS Compliance?What is CJIS Compliance?
What is CJIS Compliance?
 
Ready or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New ModelsReady or Not? Compliance in a World of New Models
Ready or Not? Compliance in a World of New Models
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing? Is Ukraine safe for software development outsourcing?
Is Ukraine safe for software development outsourcing?
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security:  What Every New Business Needs to KnowPrivacy and Information Security:  What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to Know
 
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumImpact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
 

Viewers also liked

Viewers also liked (11)

Jafeer portfolio
Jafeer portfolioJafeer portfolio
Jafeer portfolio
 
Universidad autonoma
Universidad autonomaUniversidad autonoma
Universidad autonoma
 
Creating the front cover
Creating the front coverCreating the front cover
Creating the front cover
 
Aula sobre pesquisa na internet
Aula sobre pesquisa na internetAula sobre pesquisa na internet
Aula sobre pesquisa na internet
 
Trabajo de power point.
Trabajo de power point.Trabajo de power point.
Trabajo de power point.
 
Diagramacion y composicion act 2.1
Diagramacion y composicion act 2.1Diagramacion y composicion act 2.1
Diagramacion y composicion act 2.1
 
Uk Tribes Research
Uk Tribes ResearchUk Tribes Research
Uk Tribes Research
 
Slideshare
SlideshareSlideshare
Slideshare
 
Diseño de subestacion de transmicion
Diseño de subestacion de transmicionDiseño de subestacion de transmicion
Diseño de subestacion de transmicion
 
Preventing Vulnerabilities: Eating to Support Mental Health
Preventing Vulnerabilities: Eating to Support Mental HealthPreventing Vulnerabilities: Eating to Support Mental Health
Preventing Vulnerabilities: Eating to Support Mental Health
 
Emmanuel Pernez Bosito
Emmanuel Pernez BositoEmmanuel Pernez Bosito
Emmanuel Pernez Bosito
 

Similar to MichBIO_-_HIPAA__Industry-Provider_Interactions__and_Related_Compliance_Matters_1_2017.PPT

HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowShred-it
 
Privacy-Security-Training-Session-Template-4.6.21.pptx
Privacy-Security-Training-Session-Template-4.6.21.pptxPrivacy-Security-Training-Session-Template-4.6.21.pptx
Privacy-Security-Training-Session-Template-4.6.21.pptxMohammadBashir26
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceJim Anfield
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion Dan Wellisch
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookElizabeth Dimit
 
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdf
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdfHIPAA-Compliant App Development Guide for the Healthcare Industry.pdf
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdfSuccessiveDigital
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Kimberly Simon MBA
 
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...Envision Technology Advisors
 
Keeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantKeeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantCarbonite
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideFelipe Prado
 
Confidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAAConfidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAAParsons Behle & Latimer
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingvrgill22
 
In 2013, the Health Insurance Portability and Accountability Act (HI.pdf
In 2013, the Health Insurance Portability and Accountability Act (HI.pdfIn 2013, the Health Insurance Portability and Accountability Act (HI.pdf
In 2013, the Health Insurance Portability and Accountability Act (HI.pdfbharatchawla141
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAAManas Deep
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaageeksikh
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTKimberly Simon MBA
 

Similar to MichBIO_-_HIPAA__Industry-Provider_Interactions__and_Related_Compliance_Matters_1_2017.PPT (20)

HIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to knowHIPAA and HITECH : What you need to know
HIPAA and HITECH : What you need to know
 
Privacy-Security-Training-Session-Template-4.6.21.pptx
Privacy-Security-Training-Session-Template-4.6.21.pptxPrivacy-Security-Training-Session-Template-4.6.21.pptx
Privacy-Security-Training-Session-Template-4.6.21.pptx
 
HITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAAHITECH-Changes-to-HIPAA
HITECH-Changes-to-HIPAA
 
The Startup Path to HIPAA Compliance
The Startup Path to HIPAA ComplianceThe Startup Path to HIPAA Compliance
The Startup Path to HIPAA Compliance
 
HIPAA Panel Discussion
HIPAA Panel Discussion HIPAA Panel Discussion
HIPAA Panel Discussion
 
HIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule PlaybookHIPAA Final Omnibus Rule Playbook
HIPAA Final Omnibus Rule Playbook
 
Hipaa for business associates simple
Hipaa for business associates   simpleHipaa for business associates   simple
Hipaa for business associates simple
 
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdf
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdfHIPAA-Compliant App Development Guide for the Healthcare Industry.pdf
HIPAA-Compliant App Development Guide for the Healthcare Industry.pdf
 
Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017Health care compliance webinar may 10 2017
Health care compliance webinar may 10 2017
 
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
Meeting the Challenges of HIPAA Compliance, Phishing Attacks, and Mobile Secu...
 
Keeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-CompliantKeeping Your Business HIPAA-Compliant
Keeping Your Business HIPAA-Compliant
 
Hipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guideHipaa journal com - HIPAA compliance guide
Hipaa journal com - HIPAA compliance guide
 
Confidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAAConfidentiality Issues Arising Under the ADA, FMLA, HIPAA
Confidentiality Issues Arising Under the ADA, FMLA, HIPAA
 
Week 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy trainingWeek 1 discussion 2 hipaa and privacy training
Week 1 discussion 2 hipaa and privacy training
 
In 2013, the Health Insurance Portability and Accountability Act (HI.pdf
In 2013, the Health Insurance Portability and Accountability Act (HI.pdfIn 2013, the Health Insurance Portability and Accountability Act (HI.pdf
In 2013, the Health Insurance Portability and Accountability Act (HI.pdf
 
Understanding HIPAA
Understanding HIPAAUnderstanding HIPAA
Understanding HIPAA
 
Hitech changes-to-hipaa
Hitech changes-to-hipaaHitech changes-to-hipaa
Hitech changes-to-hipaa
 
Hipaa omnibus
Hipaa omnibusHipaa omnibus
Hipaa omnibus
 
HealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUSTHealthCare Compliance - HIPAA and HITRUST
HealthCare Compliance - HIPAA and HITRUST
 
Hippa training v2
Hippa training v2Hippa training v2
Hippa training v2
 

MichBIO_-_HIPAA__Industry-Provider_Interactions__and_Related_Compliance_Matters_1_2017.PPT

  • 1. © 2017 Foley Hoag LLP. All Rights Reserved. HIPAA, Industry-Provider Interactions, and Related Compliance Matters MichBIO Bioscience Regulatory Compliance Workshop January 17, 2017 Colin J. Zick Co-Chair, Health Care and Data Privacy and Security Practices Foley Hoag LLP (617) 832-1275 czick@foleyhoag.com
  • 2. MichBIO - HIPAA | 2© 2017 Foley Hoag LLP. All Rights Reserved. It’s Good to Be Back….
  • 3. MichBIO - HIPAA | 3© 2017 Foley Hoag LLP. All Rights Reserved. Overview: Privacy, Security and Industry-Provider Interactions Data privacy and security issues are driven by more and more data. Industry – provider interactions have grown and evolved, despite scrutiny and regulation. These areas pose distinct and significant challenges for biotechs.
  • 4. MichBIO - HIPAA | 4© 2017 Foley Hoag LLP. All Rights Reserved. 4 an Effective Compliance Plan The OIG Compliance Guidance lists seven elements of an effective compliance plan: 1)implementing written policies and procedures; 2)designating a compliance officer and compliance committee; 3)conducting effective training and education; 4)developing effective lines of communication; 5)conducting internal monitoring and auditing; 6)enforcing standards through well-publicized disciplinary guidelines; and 7)responding promptly to detected problems and undertaking corrective action.
  • 5. MichBIO - HIPAA | 5© 2017 Foley Hoag LLP. All Rights Reserved. All That Data! Therapies, diagnostics, and connected devices now gather huge amounts of data That data can be more valuable than the “thing” that is treated, diagnosing, or connecting, provided you have the legal ability to use that data, by: –Direct consent –Operation of law –Aggregation/anonymization
  • 6. MichBIO - HIPAA | 6© 2017 Foley Hoag LLP. All Rights Reserved. 2016: A Busy (and Dangerous) Year for Data and Data Security  The flip side: breaches and cyber attacks continue to occur at a high frequency.  A high percentage of the known breaches/attacks could have been prevented.  While some attacks are very high tech, low tech attacks are very popular and often successful.  Perpetrators know this and exploit human and systemic weaknesses.
  • 7. MichBIO - HIPAA | 7© 2017 Foley Hoag LLP. All Rights Reserved. The Worst Case…. Dick Cheney’s Heart In 2008, a team of security researchers proved they could gain access through a pacemaker’s wireless control system Vice President Cheney had an implanted pacemaker This led to the communications capabilities of his pacemaker being disabled “Disconnection” is not a viable business model
  • 8. MichBIO - HIPAA | 8© 2017 Foley Hoag LLP. All Rights Reserved. What is Protected By Law? “Personal Information” “Personal Information”:  Individual’s name + one or more of the following: – Social Security number – Financial account number – Credit card number – Driver’s license number – Biometric indicators (fingerprints, DNA, voice print)  Personal facts – Financial – Health – Family  Medical records and health information
  • 9. MichBIO - HIPAA | 9© 2017 Foley Hoag LLP. All Rights Reserved. HIPAA Overview What is HIPAA? –“Health Insurance Portability and Accountability Act of 1996” –A federal statute with related regulations and guidance What does HIPAA do? –The statute covers a lot of different subjects. The focus of this session is the part of HIPAA that deals with confidentiality of Protected Health Information (“PHI”), which is referred to as “administrative simplification” –PHI is any “individually identifiable health information” that is transmitted by a “covered entity” in connection with specified electronic transactions (which makes it “ePHI”)
  • 10. MichBIO - HIPAA | 10© 2017 Foley Hoag LLP. All Rights Reserved. Does HIPAA Apply to Biotech Companies? What kinds of businesses are HIPAA “covered entities”? –Health care providers –Health plans –Health care clearinghouses Biotechs may be considered a HIPAA “covered entity” –Could also be HIPAA “business associate” working with various types of health care providers, who themselves are HIPAA “covered entities”.
11. Is HIPAA Relevant If You Are Not a “Covered Entity”?
• Even if HIPAA does not literally apply, it is a widely-accepted standard for health information and its management.
• Courts will look to HIPAA for guidance in determining what is appropriate under the laws of the states in which you do business.
• Therefore, even if you are not a “covered entity,” you need to know, understand and apply HIPAA’s standards for privacy and security of health information.
12. Disclosure and Use Under HIPAA
• With notice (treatment, payment and health care operations)
• With authorization (marketing, research)
• Subject to objection (family, friends, clergy)
• By HIPAA “override” (public health, law enforcement, certain research)
13. Keys to Protecting Personal Information
• Awareness
• Physical Security
• Electronic Security
• Data Retention/Destruction
14. Security Risks – Wikileaks Type Email Hacks
• How did Team Clinton fail?
– Inappropriate IT vetting of phishing scam
– Podesta failed to use two factor authentication
– Poor virtual situational awareness
15. Information Security Risks
Spoofing and Identity Theft
– A major issue, and not just for credit card companies, but for any entity that has an individual’s:
• Name
• Address
• Email address
• Social Security number
• Financial Account number(s)
• Credit Card number(s)
• Driver’s License number
Confidential Information Breaches and Leaks
– Impact on customers and customer relations
– Negative PR for “brand”
16. Contracts and Data Use
Contracts are key to data use:
– Consents and authorizations
– Terms of use and privacy policies
– Notices of privacy practices
– Licenses
– HIPAA business associate agreements
17. Industry-Provider Interactions
Basic principles: Avoid fraud, abuse, kickbacks
What are the relevant laws?
– Federal and state anti-kickback statutes
– Federal and state false claims acts
– Federal Stark anti-self-referral law and state analogues
– Federal and state Sunshine Acts/physician transparency laws
– Federal exclusion sanctions
18. Relevant Marketing Codes Governing Industry – Provider Interactions
• OIG Compliance Guidance: Compliance Program Guidance for Pharmaceutical Manufacturers, issued by the Department of Health and Human Services Office of Inspector General, 68 Fed. Reg. 23731 (May 5, 2003)
• Trade Association Codes:
– PhRMA Code on Interactions with Healthcare Professionals
– AdvaMed Code of Ethics on Interactions with Healthcare Professionals
– International Federation of Pharmaceutical Manufacturers & Associations Code of Pharmaceutical Marketing Practices
– Association of the British Pharmaceutical Industry Code of Practice
19. Federal Anti-Kickback Statute
• The federal anti-kickback statute (AKS) makes it a criminal offense to knowingly and willfully offer, pay, solicit or receive any remuneration to induce referrals of items or services reimbursed by federal health care programs.
– Payments, credits or other forms of remuneration provided to Medicare/Medicaid beneficiaries can implicate the federal anti-kickback statute, 42 U.S.C. § 1320a-7b(b).
– However, if no federal programs currently reimburse the product/service and you do not believe that any federal programs will pay for the product/service for an extended period of time, then the federal anti-kickback statute is probably not applicable.
20. Anti-Kickback Statute (cont.)
• Remuneration includes anything of value and can take many forms besides cash, such as free rent, expensive hotel stays and meals, and excessive compensation for medical directorships or consultancies. In some industries, it is acceptable to reward those who refer business to you. However, in the Federal health care programs, paying for referrals is a crime.
• The statute covers the payers of kickbacks—those who offer or pay remuneration—as well as the recipients of kickbacks—those who solicit or receive remuneration. Each party’s intent is a key element of their liability under the AKS.
• Generally, the difficulty in determining potential liability lies in distinguishing between:
– remuneration intended to induce referrals; and
– remuneration paid to the referral source in return for legitimate services and in appropriate amounts.
21. Anti-Kickback Statute (cont.)
• Criminal penalties and administrative sanctions for violating the AKS include fines, jail terms, and exclusion from participation in the Federal health care programs.
– Under the civil monetary penalty provisions, physicians who pay or accept kickbacks also face penalties of up to $50,000 per kickback plus three times the amount of the remuneration.
• Safe harbors protect certain payment and business practices that could otherwise implicate the AKS from criminal and civil prosecution.
– To be protected by a safe harbor, an arrangement must fit squarely in the safe harbor and satisfy all of its requirements.
– Some safe harbors address personal services and rental agreements, investments in ambulatory surgical centers, and payments to bona fide employees.
22. Stark Law: What Is It and What Services Are Covered By It?
Stark prohibits certain physician referrals to entities they have an interest in:
• Clinical laboratories
• Physical therapy
• Occupational therapy
• Certain radiology services
• Radiation therapy services and supplies
• Durable medical equipment and supplies
• Parenteral and enteral nutrients, equipment, and supplies
• Prosthetics, orthotics, and prosthetic devices and supplies
• Home health services
• Outpatient prescription drugs
• Inpatient and outpatient hospital services
23. The Federal Sunshine Act
• Enacted as Section 6002 of the Patient Protection and Affordable Care Act (“ACA”) on March 23, 2010.
• Creates significant new legal obligations for drug and device manufacturers.
• Requires every “applicable manufacturer” to file an annual disclosure report with the federal government. (Requires actual sales….)
• This annual report must detail the manufacturers’ financial relationships with physicians and teaching hospitals (“covered recipients”) over the previous year.
• Known as the “Sunshine Act” provisions, since they were originally proposed in 2007 as the “Physician Payments Sunshine Act” (sponsored by Senators Charles Grassley and Herb Kohl).
• Unlikely to be repealed….
• Several states have similar reporting laws or outright prohibitions.
24. Sunshine Act Basics
Disclosure
– Requires manufacturers to disclose almost all payments and “transfers of value” made to physicians or teaching hospitals.
– Requires manufacturers to disclose specific payments made to physicians and teaching hospitals, rather than simply disclosing aggregate payments.
– Disclosures will be made public in an online, searchable database.
Penalties
– Imposes significant financial penalties on manufacturers for noncompliance.
25. Sunshine Act Penalties
• Manufacturers can face two types of noncompliance penalties – one for unknowing failures to report, and one for knowing failures to report.
• Unknowing Failures to Report
– Subject to a penalty of between $1,000 and $10,000 for each unreported payment, transfer, or ownership interest.
– Total penalties for unknowing omissions are capped at $150,000 annually.
• Knowing Failures to Report
– Subject to significantly steeper penalties: between $10,000 and $100,000 for each unreported payment, transfer, or ownership interest.
– Total penalties for knowing omissions are capped at $1,000,000 annually.
26. Colin Zick
Partner and Co-Chair, Health Care and Privacy & Data Security Practice Groups
Foley Hoag LLP
czick@foleyhoag.com
617.832.1275

Editor's Notes

  1. Internet of Devices Me – telemedicine in the 1990s