The digital information sharing of health care records has lagged other industries in the 21st century. Mobile applications have been used for health tracking and are now being viewed as potential vehicles of interoperability. As Congress, the Administration, policy stakeholders, and other regulatory bodies seek ways to expand access to health records, secure interoperability is critical for health information technology vendors.
Additionally, the U.S. Department of Justice (DOJ) marked electronic health records (EHRs) as a top target for False Claims Act (FCA) enforcement — just as the health care industry’s use of e-health tools surged due to the COVID-19 pandemic.
Our team of health care lawyers has experience with key elements of EHR programs and health IT, including:
- Navigating the requirements of the federal government’s Meaningful Use and Promoting Interoperability EHR incentive programs.
- How the DOJ has pursued alleged FCA violations against EHR vendors and their provider customers in the past.
- Evaluating the impact of expansive new rules governing information blocking and interoperability on individual businesses and industries as a whole.
- Strategic considerations for companies contracting with health IT vendors.
- Managing transactions involving health IT companies, including regulatory diligence and structuring advice to assess and mitigate transaction risk.
- Drafting and negotiating health IT contracts, including data privacy and data security components.
- Compliance with state law, HITRUST, and HIPAA audit standards.
- Data privacy considerations specific to EHRs, including appropriate disclosure tagging and tracking.
- Data security hygiene and due diligence considerations, including compliance, vulnerability, and vendor management as necessary ingredients to interoperability and availability of EHRs.
- Managing the data life cycle and secure disposal of legacy platforms.
- Keeping our clients informed about contemplated or active policy changes in Washington, D.C.
Alston & Bird can provide:
- Training on interoperability and information blocking rules.
- Compliance program assessments and training.
- Contract review and negotiation.
- Form templates.
- Electronic medical record (EMR) vendor outage contingency planning exercises.