[Link to healthlawyer@hotmail.com]

Welcome to Alan S. Goldberg's Law, Technology & Change Home Page sm

[Last Updated June 21, 2008]

Copyright © 2008 Alan S. Goldberg All Rights Reserved
This Web site provides general educational information only & should not substitute for professional advice on your specific legal situation. Neither access to this Web site nor communication via this Web creates an attorney-client relationship.

This is Alan S. Goldberg's personal Web site for lawyers & law and other students for educational use only. This is NOT a law firm Web site & this is NOT a law or other school Web site.

New York law requires you to be reminded that this website is ATTORNEY ADVERTISING.


By entering this Web site, you agree to my >Disclaimer

>HEALTHLAWYERBLOG
PartDlaw
www.healthlawyer.com
canspamlaw
hipaanotice
ecommercelaw
hipaalaw
brownfieldslaw
HEALTHLAWYERBLOG
compliancelaw
healthfraud
housinglaw
telemedicinelaw
ucitalaw
esignlaw

Welcome from Alan S. Goldberg, Webmaster

[Link to healthlawyer@hotmail.com]

> Internet eMail

> CV

> Selected Publications

By viewing this Web site, you agree to my >Disclaimer


Alan S. Goldberg is a member of the bars of:
>Commonwealth of Virginia (2006), >State of New York (2003), >District of Columbia (2002), >State of Florida (1984), & >Commonwealth of Massachusetts (1967)
>HEALTHLAWYER BLOG

6845 Elm Street - Suite 205

McLean, Virginia 22101

(703) 915-4790


>goldberg.law.pro

>LexAlert sm

>LexAnalysis sm

The Webmaster was an Adjunct Professor of Law at >Suffolk University Law School teaching >eHealth
via >distance learning

and was an Adjunct Professor at
>University of Maryland School of Law teaching
>eHealth & at
>Boston College Law School teaching land finance

and now is an Adjunct Professor at George Mason University College of Health & Human Services teaching Health Law


Please read our Year 2000 Readiness Disclosure for this Web site

This Web site may be construed to contain attorney advertising, although advertising is not intended; prior results do not guarantee a similar outcome.

Please read my Privacy Policy

Citizens v. Leavitt
Plaintiffs seek invalidation of those parts of the HIPAA AdminSimp final privacy rule eliminating any requirement for consent to be obtained prior by a covered entity prior to using or disclosing protected health information for treatment, payment, or health care operations.
>Amended Complaint
>Citizens for Health et al. vs. Tommy G. Thompson, Complaint for Declaratory and Injunctive Relief April 10, 2003 USDC ED PA
>Citizens v. Thompson Memorandum & Order of April 2, 2004 USDC ED PA
>3rd Circuit Court of Appeals Decision
>Petition for Rehearing
NOTE: Centers for Medicare & Medicaid Services has changed the CMS web site & links that used to work don't work anymore & there appears to be no cross-walk feature. Please tell me if any of my links are no longer working. I regret any inconvenience. My >http://www.PartDlawyer.com/ will have updated links as soon as possible. In the meantime, some links to materials that have been moved or removed appear below.
>New CMS web site
>http://www.cms.hhs.gov/default.asp?
>Stark Law HCFA-AO-98-01
>Stark Law HCFA-AO-98-02
>Stark Law CMS-AO-2005-08-01

>Webmaster's LeadingLinks (sm)

More Webmaster's LeadingLinks (sm)

>ABA HLS >AHLA >FDLI >HIPAA SUMMIT >HIT SUMMIT >FREIVOGEL ON CONFLICTS
>CMS Web Site for Medicare Modernization Act Prescription Drug Benefit / Medicare Advantage Programs Rules & More
>Kaiser Family Foundation Resources on the Medicare Prescription Drug Benefit >HHS National Health Information Infrastructure >OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA >FTC Gramm-Leach-Bliley Privacy Initiatives
>US VetAdmin OGC HIPAA >US VetAdmin RESEARCH HIPAA
>CMS Physician Focused Quality Initiative >VetAdmin VISTA Computerized Patient Record System (CPRS) Demonstration System
>Federal Register >Code of Federal Regulations >United States Code >Thomas

>Florida Bar Health Law Section Web Site

Opinion of June 1, 2005 from DOJ to HHS regarding HIPAA AdSi Crimes Enforcement

http://world.std.com/~goldberg/hipaaopinioncrimes.pdf

HIPAA AdSi Proposed Enforcement Rule Filed April 14, 2005 To Be Published in Federal Register
As published in Federal Register April 18, 2005



American Health Information Community
>NHII NHIN RFI materials for legal review purposes
>GAO July 2004 Report on NHII

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark .pdf

>Proposed Rule HHS OCR ePrescribing October 11, 2005 Anti-Kickback .pdf

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark.html

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Anti-Kickback.html
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .html format
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .pdf format

>HHS NHIN FAQs Nov. 17, 2004 .html
>HHS NHIN FAQs Nov. 17, 2004 2004 .pdf
>CMS Web Site for Medicare Modernization Act Prescription Drug Benefit / Medicare Advantage Programs General Information (Including Regulations)

>Final Rule Prescription Drug Plan January 28, 2005

>Final Rule Medicare Advantage January 28, 2005


>Proposed ePrescribing Rule Published by HHS
>Proposed ePrescribing Rule Federal Register February 4, 2005


>Senate Bill 1262 Senators Clinton, Frist, et al.

See the unofficial text and miscellaneous other materials below:
>http://world.std.com/~goldberg/s1262.pdf
>http://frist.senate.gov/_files/HealthITFristClintonOnePager.pdf
>http://www.healthcareitnews.com/NewsArticleView.aspx?ContentID=3182
>http://www.modernhealthcare.com/news.cms?newsId=3947&potId=FS [reg. req.]
>http://frist.senate.gov/_files/HealthITSectionbySection.pdf
>http://www.washingtonpost.com/wp-dyn/content/article/2005/06/16/AR2005061600413.html
>http://frist.senate.gov/index.cfm?FuseAction=PressReleases.Detail&PressRelease_id=1961

>The Office of the National Coordinator for Health Information Technology
Federal Register: August 19, 2005 Volume 70, Number 160 Notices Page 48718-48720

>Comments of David Brailer, MD, Ph.D., National Coordinator for Health Information Technology, on February 17, 2005 in Dallas regarding NHII
>Collaborative ONCHIT RFI Response
Collaborative Response submitted by: American Health Information Management Association (AHIMA), American Medical Informatics Association (AMIA), American National Standards Institute-Healthcare Informatics Standards Board (ANSI HISB), Center for Information Technology Leadership (CITL), Connecting for Health (CFH), eHealth Initiative (eHI), HIMSS EHR Vendor Association (EHRVA), Healthcare Information and Management Systems Society (HIMSS), Health Level Seven, Inc. (HL7), Integrating the Healthcare Enterprise (IHE), Internet2, Liberty Alliance, National Alliance for Health Information Technology (NAHIT)
>HHS National Health Information Infrastructure
>The Decade of Health Information Technology: Delivering Consumer-centric and Information-rich Health Care Framework for Strategic Action July 21, 2004
 
>HEALTHLAW BLOG
>DOJ FTC Report - Health Care Antitrust - 2004
>DC Bar Health Law Section -- The Patients Rights Manual
Copyright 2004 DC Bar. All Rights Reserved
A companion manual for legal practitioners will soon be available.
Contact DC Bar Sections Office (202) 626-3463
>IRS HIPAA AdSi cc-2004-034
HIPAA AdSi Security Rule Educational Materials
>HIPAA SUMMIT ELEVEN & HIT SUMMIT TWO
September 7-9, 2005
Renaissance Washington DC Hotel Washington, DC


>University of Colorado Hospital Authority v. Denver Publishing Co., No. 03-WM-1977 (D. Colo. Aug. 2, 2004)
HIPAA AdSi Is No Basis for Hospital Claim Against Newspaper For Alleged Privacy Violations


American Health Information Community
>NHII NHIN RFI materials for legal review purposes
>GAO July 2004 Report on NHII

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark .pdf

>Proposed Rule HHS OCR ePrescribing October 11, 2005 Anti-Kickback .pdf

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Stark.html

>Proposed Rule HHS CMS ePrescribing October 11, 2005 Anti-Kickback.html
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .html format
>Federal Register: November 15, 2004 (Volume 69, Number 219) Page 65599-65601 in .pdf format

>HHS NHIN FAQs Nov. 17, 2004 .html
>HHS NHIN FAQs Nov. 17, 2004 2004 .pdf
>HRSA Reorganization Federal Register September 21, 2004 >HHS Office of Inspector General Health care programs; fraud and abuse: Healthcare Integrity and Protection Data Bank; data collection reporting requirements Federal Registser September 21, 2004
First HIPAA Administrative Simplification subtitle criminal action, US v. Gibson
AUG. 21, 1996 HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 Public Law 104-191 104th Congress, Criminal Enforcement Provisions
WRONGFUL DISCLOSURE OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION SEC. 1177. (a) OFFENSE.--A person who knowingly and in violation of this part-- (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, shall be punished as provided in subsection (b). (b) PENALTIES.--A person described in subsection (a) shall-- (1) be fined not more than $50,000, imprisoned not more than 1 year, or both; (2) if the offense is committed under false pretenses, be fined not more than $100,000, imprisoned not more than 5 years, or both; and (3) if the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, be fined not more than $250,000, imprisoned not more than 10 years, or both.
>HIPAA AdSi Statutory Enforcement Provisions - Civil & Criminal
>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Information
>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Plea of Defendant
Class Actions Against Health Care Facilities
>Complaint vs. HCA
>Complaint vs. HMA
>Complaint vs. UHS
Miscellaneous US Government & Other Links

>HHS National Health Information Infrastructure >OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA >FTC Gramm-Leach-Bliley Privacy Initiatives
>US VA OGC HIPAA >US VA RESEARCH HIPAA

>Federal Register >Code of Federal Regulations >United States Code >Thomas
Miscellaneous CMS Links
>Medlearn Matters >Medlearn Learning Network Publications >Archives of Medlearn Matters NIH >Online Manual System >Medicare Modernization >Prescription Drug and Other Assistance Programs >Drug Discount Cards Quick Search >HIPAA Administrative Simplification Medicare Notice of Privacy Practices >HIPAA Administrative Simplification
Centers for Medicare & Medicaid Services PROPOSED RULES published August 3, 2004 in Federal Register
>Medicare: Medicare Advantage Program; establishment, 46865–46977
>Medicare Prescription Drug Benefit Program, 46631–46863
>HEALTH LAW BLOG
This Web site provides general educational information only and should not substitute for professional advice on your specific legal situation. Neither access to this Web site nor communication via this Web site creates a lawyer-client relationship.

By entering this Web site, you agree to our >Disclaimer

Please read our Year 2000 Readiness Disclosure for this Web site

By viewing this Web site, you agree to our Disclaimer

Please read our Privacy Policy

>Comptroller General Disclosure under Medicare Program 42 USC 1395(v)(1)(I)
>Complaint in California Consumer Health Care Council vs. Kaiser Foundation Health Plan, Inc. et al. under Business & Professions Code re: alleged privacy violations. dated March 12, 2004
US v. Green & Related Decisions: US Sentencing Guidelines Unconstitutional, June 18, 2004
STARK II INTERIM FINAL RULE
>Stark II Interim Final Rule March 25, 2004 - Before Publication in Federal Register
>Stark II Interim Final Rule Federal Register March 26, 2004 (requires correction below)
>Stark II Interim Final Rule 69 Federal Register Page 17933 et seq. Correction dated April 6, 2004
>Stark II Interim Final Rule Correction (.html version)
>Stark II Interim Final Rule Federal Register March 26, 2004 (Rule without Preamble)
>Stark II Interim Final Rule (.html version)
American Bar Association Health Law Section Audioconference
May 19, 2004
>The (Un)Common Law of HIPAA Administrative Simplification
>HHS OIG Compliance Program Guidance for Hospitals 2.23.98
>Compliance Guidance HHS OIG web site
VA CLE- >HIPAA Transactions - Privacy and Security (For the Non-Health Lawyer)
There are about 300,000,000 patients in the U.S. and millions of health care providers. They all care about HIPAA, so shouldn’t you? Co-sponsored by the Virginia Bar Association Health Law Section Program Level: Intermediate COURSE PURPOSE HIPA? HIPPA? HIPPAA? HIPAA? HIPPO? If you can’t spell it you don’t know it, so this is the seminar for you. Learn about HIPAA Administrative Simplification, which is anything but simple and affects much more than health care, including employers who provide employee health care benefits, companies who do business with health care providers and payors, and their lawyers who don’t concentrate in health care law, but might have to enter into HIPAA business associate contracts with their clients. Also, learn about obtaining medical records and how subpoenas are handled in Virginia under HIPAA.
FDA & SEC Cooperation
>FDA Web Site Announcement
>SEC Web Site Announcement
>FDA letter to SEC
>SEC letter to FDA
>Opinion: Dismissal of Count 9 in Martha Stewart et al. Criminal Proceedings
>DC Bar Health Law Section -- The Patients Rights Manual
Copyright 2004 DC Bar. All Rights Reserved
A companion manual for legal practitioners will soon be available.
Contact DC Bar Sections Office (202) 626-3463
Can-Spam Act
"This Act may be cited as the `Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the `CAN-SPAM Act of 2003'..."
"SEC. 16. EFFECTIVE DATE. The provisions of this Act, other than section 9, shall take effect on January 1, 2004."

>Direct Marketing Association Can-Spam Act chart

>Direct Marketing Association Anti-Spam Documents Web Site
Massachusetts Law Materials
January 2004
>AN ACT TO PROMOTE THE FINANCIAL INTEGRITY OF PUBLIC CHARITIES
proposed by the Attorney General of the Commonwealth of Massachusetts
Massachusetts - .html format >Chapter 127 of the Acts of 2003 - AN ACT ESTABLISHING A NEW BUSINESS CORPORATION ACT - Chapter 156D
.doc format >Chapter 127 of the Acts of 2003 - AN ACT ESTABLISHING A NEW BUSINESS CORPORATION ACT - Chapter 156D
>Mass.gov site version
Attorney General of the Commonwealth of Massachusetts
>Summary of An Act to Promote the Financial Integrity of Public Charities
January 2004
>Web site "Charities" for The Office of Massachusetts Attorney General Tom Reilly

>Commonwealth of Massachusetts Executive Department Legal Counsel Web Site
>Massachusetts ePrescription Law
>Governor's Statement on Law

>UETA
>Massachusetts Proposed Department of Public Health Regulation - ePrescription

Centers for Medicare & Medicaid Services Medicare Reform Web Site
>Medicare Prescription Drug, Improvement, and Modernization Act of 2003
>CMS Drug Card Search Site
>Kaiser Family Foundation Resources on the Medicare Prescription Drug Benefit
>HR1 Joint Explanation
>House Committee on Ways & Means HR1 Web Site
Medicare Program; Medicare Prescription Drug Discount Card; >Interim Rule and Notice Federal Register
December 15, 2003 (Volume 68, Number 240)]
Rules and Regulations Page 69839-69927
>"HIPAA Compliance & Marketing Provisions Teresa DeCaro" of CMS
>December 18 & 19 2003 CMS Presentation on Medicare Prescription Drug, Improvement, and Modernization Act of 2003
>HIPAA Administrative Simplification Subtitle -- Excerpts from Medicare Prescription Drug, Improvement, and Modernization Act of 2003 & Medicare Program Prescription Drug Discount Card Interim Rule & Notice
[Note: reference should always be made to the official US government versions for complete accuracy & contextual understand.]
>HR1 Joint Explanation Microsoft Word for Windows
>HR1 Joint Explanation Corel WordPerfect
>HR1 Joint Explanation HTML
[Note: these version, which are large files & might take longer than most to open, were created using features in Adobe Acrobat, Microsoft Word for Windows, WordPerfect for W indows, & Conversions Plus (registered products & marks of Adobe Systems Incorporated, the Microsoft Corporation, Corel Corporation, &DataViz, Inc. , respectively) & are not official versions; reference should always be made to the official US government version for complete accuracy.]
HR1 adds more "covered functions" and another HIPAA Administrative Simplification Subtitle "covered entity" -- "a prescription drug card sponsor is a covered entity...."

"(h) QUALIFICATION OF PRESCRIPTION DRUG CARD SPONSORS AND ENDORSEMENT OF DISCOUNT CARD PROGRAMS; BENEFICIARY PROTECTIONS- `(1) PRESCRIPTION DRUG CARD SPONSOR AND QUALIFICATIONS- `(A) PRESCRIPTION DRUG CARD SPONSOR AND SPONSOR DEFINED- For purposes of this section, the terms `prescription drug card sponsor' and `sponsor' mean any nongovernmental entity that the Secretary determines to be appropriate to offer an endorsed discount card program under this section, which may include-- `(i) a pharmaceutical benefit management company; `(ii) a wholesale or retail pharmacy delivery system; `(iii) an insurer (including an insurer that offers medicare supplemental policies under section 1882); `(iv) an organization offering a plan under part C; or `(v) any combination of the entities described in clauses (i) through (iv)... (6) CONFIDENTIALITY OF ENROLLEE RECORDS- `(A) IN GENERAL- For purposes of the program under this section, the operations of an endorsed program are covered functions and a prescription drug card sponsor is a covered entity for purposes of applying part C of title XI and all regulatory provisions promulgated thereunder, including regulations (relating to privacy) adopted pursuant to the authority of the Secretary under section 264(c) of the Health Insurance Portability and Accountability Act of 1996[emphasis supplied] (42 U.S.C. 1320d-2 note). `(B) WAIVER AUTHORITY- In order to promote participation of sponsors in the program under this section, the Secretary may waive such relevant portions of regulations relating to privacy referred to in subparagraph (A), for such appropriate, limited period of time, as the Secretary specifies...."
THE CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENT RECORDS REGULATION AND THE HIPAA PRIVACY RULE: IMPLICATIONS FOR ALCOHOL AND SUBSTANCE ABUSE PROGRAMS
U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Substance Abuse and Mental Health Services Administration Center for Substance Abuse Treatment
SAMHSA HIPAA AdSi Web Site
"Introduction
In the early 1970’s, Congress recognized that the stigma associated with substance abuse and fear of prosecution deterred people from entering treatment and enacted legislation that gave patients a right to confidentiality. For the almost three decades since the Federal confidentiality regulations (42 CFR Part 2 or Part 2) were issued, confidentiality has been a cornerstone practice for substance abuse treatment programs across the country. In December, 2000, the Department of Health and Human Services (HHS) issued the “Standards for Privacy of Individually Identifiable Health Information” final rule (Privacy Rule), pursuant to the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 CFR Parts 160 and 164, Subparts A and E.1 Substance abuse treatment programs that are subject to HIPAA must comply with the Privacy Rule.2 3 Substance abuse treatment programs that already are complying with Part 2 should not have a difficult time complying with the Privacy Rule, as it parallels the requirements of Part 2 in many areas. Programs subject to both sets of rules must comply with both, unless there is a conflict between them. Generally, this will mean that substance abuse treatment programs should continue to follow the Part 2 regulations. In some instances, programs will have to establish new policies and procedures or alter existing policies and practices. In the event a program identifies a conflict between the rules, it should notify the Substance Abuse and Mental Health Services Administration of HHS immediately for assistance in resolving the conflict...."
`Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003', or the `CAN-SPAM Act of 2003'
"(b) CONGRESSIONAL DETERMINATION OF PUBLIC POLICY- On the basis of the findings in subsection (a), the Congress determines that-- (1) there is a substantial government interest in regulation of commercial electronic mail on a nationwide basis; (2) senders of commercial electronic mail should not mislead recipients as to the source or content of such mail; and (3) recipients of commercial electronic mail have a right to decline to receive additional commercial electronic mail from the same source...."
>HIPAA Terms: An Annotated Glossary
A glossary of Administrative Simplification terms from certain of the rules promulgated under the
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By Alan S. Goldberg, Esq., Steven J. Snyder, Esq., Bradley G. Allen, Esq., and Elizabeth C. Myers, Esq.
"This glossary of Administrative Simplification terms from certain of the rules promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is intended to provide an easily accessible educational reference for understanding the Transactions and Code Sets Rule, the Privacy Rule, and the Security Rule. In addition, this title includes a copy of portions of the 1998 proposed Security Rule (63 Fed. Reg. 43,242, 43,271-77 [August 12, 1998]). Although not contained in any final rule, this material provides definitions of terms, a list of acronyms, and a bibliography that continue to be useful to the practitioner working with HIPAA."
>See Sample Page from Glossary
Miscellaneous US Government HIPAA AdSi Links

>OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA
>US VA OGC HIPAA >US VA RESEARCH HIPAA >FEDREG
>FTC Gramm-Leach-Bliley Privacy Initiatives
"...This Notice discusses the effect of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations, 45 C.F.R. parts 160 and 164, when the Service requests protected health information from a taxpayer or third party. Under these regulations, the Service will generally have additional burdens when requesting protected health information from a “covered entity” or a covered entity’s business associate. There are three exceptions that allow the Service to obtain protected health information while enforcing the Internal Revenue Code: the consent of the taxpayer, the law enforcement exception, and the administrative and judicial proceedings exception. This Notice discusses the standards for applying these exceptions...."
>IRS HIPAA AdSi cc-2004-034
CMS & HIPAA AdminSimp
>HIPAA AdSi TCS >HIPAA AdSi Privacy

CMS Guidance of July 24, 2003 - Compliance

>Administrator's Letter to Health Care Providers Regarding Contingency Plans of September 22, 2003
>MCS - March 14, 2003 FROM: Director Survey and Certification Group - Review of Protected Health Information and Applicability of Business Associate Agreements Under the Health Insurance Portability and Accountability Act (HIPAA) for the Purposes of Survey and Certification
>CMS - Program Memorandum Department of Health & Human Services (DHHS) Intermediaries/Carriers Centers for Medicare & Medicaid Services (CMS) Transmittal AB-03-034 Date: FEBRUARY 28, 2003 - Medicare Fee for Service Contractor Guidance on the HIPAA Privacy Rule
>CMS HIPAA AdSi Glossary
[Federal Register: August 22, 2003 (Volume 68, Number 163)] [Rules and Regulations] [Page 50717-50722]
>"Medicare Program; Electronic Submission of Cost Reports AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS. ACTION: Final rule. SUMMARY: This final rule amends regulation by requiring that, for cost reporting periods ending on or after December 31, 2004, all hospices, organ procurement organizations, rural health clinics, Federally qualified health centers, community mental health centers, and end- stage renal disease facilities must submit cost reports currently required under the Medicare regulations in a standardized electronic format. This rule also allows a delay or waiver of this requirement when implementation would result in financial hardship for a provider. The provisions of this rule allow for more accurate preparation and more efficient processing of cost reports. DATES: Effective Date: The provisions of this final rule are effective September 22, 2003. Applicability Date: The provisions of this final rule are effective for cost reporting periods ending on or after December 31, 2004...."
>HIPAA AdSi ASCA Interim Final Rule August 14, 2003
"SUMMARY: This interim final rule with comment period implements the statutory requirement that claims for reimbursement under the Medicare Program be submitted electronically as of October 16, 2003,except where waived. This rule identifies those circumstances for which mandatory submission of electronic claims to the Medicare Program is waived. DATES: Effective date: October 16, 2003. These regulations are applicable for Medicare claims submitted on or after October 16, 2003. Comment date: Comments will be considered if we receive them at the appropriate address, as provided below, no later than 5 p.m. on October 14, 2003...."
HIPAA Administrative Simplification - Enforcement (HIPAA Transaction and Code Set Complaint Information)
>Revised Disclosure Desk Reference for Call Centers (Program Memorandum AB-03-077)
>Thomas A. Scully, CMS Administrator, Letter of July 18, 2003 to Medicare Providers
"Effective October 16, 2003, all electronic transactions covered by HIPAA must comply with these standards for format and content...."
From CMS: "National Provider Identifier (NPI) Final Rule Published - The Final Rule adopting the HIPAA standard unique health identifier for health care providers was published in the Federal Register on January 23, 2004. Health care providers can begin applying for NPIs on the effective date of the final rule, which is May 23, 2005. All health care providers are eligible to be assigned NPIs; health care providers who are covered entities must obtain and use NPIs. All HIPAA covered entities must use NPIs by the compliance dates (May 23, 2007 for all but small health plans; May 23, 2008 for small health plans)...."
American Hospital Association et al. ask Congress NOT to delay HIPAA electronic transactions standards rule enforcement date
Letter of September 26, 2001

"...Any legislative delay of the electronic transactions standards would unfairly penalize hospitals and health systems that have made the significant commitment of financial and staff resources necessary to meet the current October 2002 compliance deadline for those requirements. In enacting HIPAA, Congress deliberately sought predictability and ways to reduce the costs and burden of meeting the widely different health care claims form and content requirements of many different payers. According to HHS, there are some 400 different formats for electronic claims processing. HIPAA's electronic transactions standards are intended to standardize these formats and thus significantly reduce hospitals' administrative burden over time...The nation's hospital community strongly urges that HHS and Congress work together to develop an administrative policy that provides appropriate incentives for the entire health care field to expedite implementation of the electronic transactions standards, and that allows flexibility for those hospitals that might need some additional time to achieve full compliance by the October 2002 deadlines...."

/s/ American Hospital Association, Association of American Medical Colleges, Cleveland Clinic Foundation, Federation of American Hospitals, Premier, Inc., & VHA Inc.
>ACLA, AHCA, AHA, AMA, Premier, Inc., VHA
letter of July 1, 2003 to Secretary Thompson
"...We believe it is essential for HHS to take the following steps to prevent the impending 'train wreck' on October 16th [2003]...."
>NCVHS letter of June 25, 2003 to Secretary Thompson
"...Despite the diversity of representation of the groups who provided testimony and letters, there was overall agreement that the Federal government should permit operational compliance, as opposed to strict technical compliance, for a limited period of time following the October 16 deadline. This would allow for the necessary trading partner testing to take place across the industry, as well as mitigate any potential unintended adverse consequences to provider cash flow and patient care...."
>American Association of Health Plans letter of June 6, 2003 to Tom Scully, Administrator, CMS, regarding TCS rule compliance
>American Hospital Association letter of April 17, 2003 to Tom Scully, Administrator, CMS, regarding enforcement
"...AAHP does not support a delay in the October 16, 2003 compliance date of the TCS rule. An implementation delay could penalize those covered entities that have invested the time, resources and commitment to implement the HIPAA standards. At the same time, we do believe that CMS should provide a smooth transition from the current electronic transaction standards used by health plans, health care providers, and health care clearinghouses to the standards that will be required when the TCS rule goes into effect. We urge CMS to adopt the WEDI recommendations to achieve this goal. We appreciate your work to simplify administrative procedures and we are eager to work...."
>WEDI letter of April 15, 2003 to CMS
"The issue at hand is how does the industry make the short-term transition from its current state to a successful implementation, given a substantial degree of noncompliance in October 2003, and thus avoid the so-called train wreck that will result from reversion to paper claims or stoppage of cash (payment) flows."
>AHA letter of May 19, 2003 to CMS
"...[W]e propose development of a system-wide implementation plan that clearly outlines remedial actions that every health plan must take to ensure that an adequate level of cash flows to hospitals is maintained as the field transitions to HIPAA standardized claims."
>American Hospital Association letter of June 16, 2003 to CMS regarding civil monetary penalties, health care claims, & privacy
"...We look forward to working with you to make sure that the efforts related to HIPAA enforcemennt appropriately encourage improvements in hospitals' compliance programs...."
American Hospital Association letter of June 25, 2003 to Secretary Thompson regarding transactions codes"...At the TCS implementation date approaches, hospitals are growing increasingly concerned about the potential for disruption in the current claims submission and payment cycles that might result from poor, improper or incomplete implementation of the HIPAA standard transactions...."
DHHS Office for Civil Rights HIPAA AdminSimp Privacy Rule Site
Miscellaeous OCR Materials
>OCR/HIPAA Privacy/Security/Enforcement Rules Text August 2003 Compiled Unofficial Version
>Superceded Unofficial Version October 8, 2002
OCR Letters Responding to HIPAA AdminSimp Inquiries
>OCR letter dated April 25, 2003 to Social Security Administration
Form SSA-827 & Privacy Rule Authorizations
>Nine OCR HIPAA AdSi Response Letters
OCR Letters Responding to HIPAA AdminSimp Inquiries
>Letters dated 12/09/02 to OCR & 4/01/03 from OCR about state board of pharmacy inspections & HIPAA AdminSimp accountings for disclosures
>Letter from OCR to Ely Lily & Company dated 4.15.03 - Institutional Review Boards & Authorizations under HIPAA AdminSimp
Human Research - HIPAA AdminSimp & Beyond
>NIH Publication 03-5388 (undated) HIPAA AdminSimp Privacy & Research - Protecting Personal Health Information in Research: Understanding the HIPAA Privacy Rule
>NIH HIPAA Web Site - The HIPAA Privacy Rule and Research
>US Department of Health & Human Services Office for Human Research Protections
>Department of Health and Human Services OFFICE OF INSPECTOR GENERAL May 2003 Report
To determine if Medicare Part A providers expect to comply with the electronic data transaction standards and code sets mandated by the Health Insurance Portability and Accountability Act (HIPAA) by October 2003.
www.hipaanotice.com
>Readability of HIPAA Privacy Notices
Mark Hochhauser, Ph.D., Readability Consultant, 3.12.03, "...had a consulting relationship with the US Department of Health and Human Services and the Health Resources and Services Administration (HRSA) in 2002 on the readability of HIPAA privacy notices."
>HIPAA Notice of Privacy Practices HRSA Web Page Link
>HIPAA Notice of Privacy Practices HRSA Web Page .pdf
"Plain Language Principles and Thesaurus for Making HIPAA Privacy Notices More Readable Prepared for the Health Resources and Services Administration, in consultation with the Office for Civil Rights, and other offices and agencies within the U.S. Department of Health & Human Services, Washington, D.C., and plain language specialists...."
Notices of Privacy Practices on the Web
Links are not necessarily to the most current versions of the documents referenced and are not intended to constitute links to official versions of such documents. Contact the entity referenced at any linked site in order to obtain the official and most current document version.
>Centers for Medicare & Medicaid Services Notice
>MetLife® Dental HIPAA Notice
>MetLife® Long Term Care HIPAA Notice
>MetLife® Medical Insurance HIPAA Notice
>Aetna Notices
>University of Michigan Health System
>WorkCare™
>Bothwell Regional Health Center
>Siouxland Community Health Center
>Rhode Island Department of Human Services (Long Version)
>Rhode Island Department of Human Services Notice (Short Version)
>American Republic Insurance Company
>United Concordia Dental Insurer
>Partners Healthcare Boston, MA Notice
Lawyers & HIPAA Administrative Simplification Privacy Rule Business Associate Agreements
>Preamble to Privacy Rule Final Amendments, Lawyers & Business Associate Agreements Commentary by HHS
>North Carolina Society of Healthcare Attorneys HIPAA AdSi Business Associate Agreeement Form - For Discussion & Informational Purposes Only
>Maryland State Bar Association Health Law Section Business Associate Agreement for Attorneys - For Illustrative Purposes Only
>Virginia Bar Association Business Associate Agreement Web Page - "not intended to offer legal advice..."
Goldberg Dates HIPAA(sm)
(Webmaster's Chart of Some Important HIPAA Administrative Simplification Dates)
The Webmaster's US Government & Other LeadingLinks (SM) & Information
>ABA HLS
[Link to FIRST GOV Home Page]

[Link to THOMAS Home Page]
Library of Congress Databases -- Legislation, Congressional Record, and Committees

Centers for Medicare & Medicaid Services HIPAA Administrative Simplification
>Delegation of authority within Centers for Medicare & Medicaid Services for HIPAA Administrative Simplification

>CMS Provider HIPAA Readiness Checklist - Getting Started- Moving toward Compliance with the Electronic Transactions & Code Sets Requirements


>CMS HIPAA Electronic Transactions & Code Sets Information Series - HIPAA 101 For Health Care Providers' Offices - 1/03
>CMS Medicare Handbook Including Medicare Program HIPAA Medicare & You: Notice of Privacy Practices 2003 (via CMS Web site)

>HHS Frequently Asked Questions About Electronic Transaction Standards Adopted Under HIPAA
>HHS Frequently Asked Questions About Code Set Standards Adopted Under HIPAA
>Centers for Medicare & Medicaid Services (CMS) HIPAA Web Site
>CMS Roundtable Feb. 2003 Transcript
>CMS HIPAA Questions & Answers
>Office for Civil Rights (OCR) HIPAA Web Site
>OCR Summary of HIPAA AdminSimp Final Privacy Rule of 4.11.03

>From Office for Civil Rights Link to HHS HIPAA Q&A Web Site
>Office for Civil Rights Business Associate Agreement Sample From Federal Register of August 14, 2002
>OCR Complaint Procedure from Federal Register March 20, 2003
>OCR 10/2/02 -- New Frequently Asked Questions About the HIPAA Privacy Rule are now available
>HHS HIPAA-DSMO Frequently Asked Questions
>Medicare & You: Notice of Privacy Practices 2003
>CMS HIPAA Complaint Form Electronic Submission
>CMS HIPAA Complaint Form Paper Submission

>Office of Management & Budget - Office of Information and Regulatory Affairs (OIRA) - Executive Order Submissions Under Review

>Federal Register Online

>OIG/American Health Lawyers As'n -- Corporate Responsibility & Corporate Compliance: A Resource for Health Care Boards of Directors (corrected version, 4/03)

>Office of the Inspector General

>Corporate Integrity Agreements

>Excluded Individuals & Entities

>JCAHO HIPAA Business Associate Agreement Form Explanation
>JCAHO HIPAA Business Associate Agreement Form (.pdf)
>Massachusetts Medical Society Getting Ready for HIPAA (.pdf)


THE CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENT RECORDS REGULATION AND THE HIPAA PRIVACY RULE: IMPLICATIONS FOR ALCOHOL AND SUBSTANCE ABUSE PROGRAMS
U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Substance Abuse and Mental Health Services Administration Center for Substance Abuse Treatment
SAMHSA HIPAA AdSi Web Site

"...This Notice discusses the effect of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Regulations, 45 C.F.R. parts 160 and 164, when the Service requests protected health information from a taxpayer or third party. Under these regulations, the Service will generally have additional burdens when requesting protected health information from a “covered entity” or a covered entity’s business associate. There are three exceptions that allow the Service to obtain protected health information while enforcing the Internal Revenue Code: the consent of the taxpayer, the law enforcement exception, and the administrative and judicial proceedings exception. This Notice discusses the standards for applying these exceptions...."
>IRS HIPAA AdSi cc-2004-034

HIPAA AdminSimp Preemption
Office for Civil Rights Answer ID 464 Category Privacy of Health Information/HIPAA Notice of Privacy Practices Smaller Providers/Small Businesses Date Updated 09/03/2003 04:00 PM
"Must a covered entity with a Notice that reflects more stringent State laws revise its Notice every time a State law changes? Question Must a covered entity with a Notice of Privacy Practices that reflects more stringent State laws of multiple States, revise the whole Notice every time one State law materially changes?
Answer The Privacy Rule requires the Notice of Privacy Practices (Notice) to identify, among other things, what uses and disclosures the covered entity may make of protected health information. The Notice must reflect any State law(s) that is more stringent than the Privacy Rule with respect to the use or disclosure of this information. Where the covered entity is subject to the privacy laws of multiple States, the more stringent use and disclosure laws of each of the States, if any, must be reflected in the Notice. See 45 CFR 164.520(b)(1)(ii)(C). When there is a material revision to the Notice based on a change in State law, covered entities must use the revised Notice to meet the Rule’s requirements for distribution of the Notice that occur on or after the effective date of the revised Notice. See, generally, §§164.520(c)(1)-(3). In particular, a health plan must provide individuals (in most cases, the named insured) then covered by the plan with the revised Notice within 60 days of the revision. See §164.520(c)(1)(i)(C). The Notice requirements are intended to ensure that individuals are fairly informed about how a covered entity may use or disclose their personal health information, including important limitations imposed by State law. Although a covered entity can describe more stringent State privacy laws in the uses and disclosures section of its Notice, this may be more confusing than informative to the individual, particularly where multiple and varying State laws may be applicable. There are other ways a covered entity can design its Notice that may make this information easier for the individual to read and understand, as well as to facilitate the covered entity’s ability to keep the information current and accurate. For instance, a general statement could be included in the uses and disclosures section of the Notice that clearly identifies and refers the reader to a separate section of the Notice which describes the more stringent State privacy law(s) and more fully informs the reader about how protected health information may be used and disclosed. Thus, when more stringent State privacy laws materially change the covered entity’s privacy practices, the covered entity would need to revise only the section of the Notice that contains the State law specific information. Having a separable section on more stringent State laws can also facilitate distribution of the revised Notice when material changes occur in this section of the Notice. The revised State law section, if on a separate page, may be more readily inserted in or associated with existing Notices in place of the out-dated material."
>American Hospital Association HIPAA State Preemption Data Base
>American Bar Association Health Law Section HIPAA State Preemption Project (accessible only to members of the ABA)
>Links to State Law HIPAA AdSi Preemption Internet Sites
>OCR HIPAA AdSi >CMS HIPAA AdSi TCS >CMS HIPAA AdSi Privacy >HRSA HIPAA >TRICARE HIPAA >SSA HIPAA
>US VA OGC HIPAA>US VA RESEARCH HIPAA
Good Bye HCFA, Hello CMS pursuant to
July 5, 2001 Federal Register HHS Order:
Centers for Medicare and Medicaid Services
Health & Human Services CMS 6/14/01 Fact Sheet
Search the HHS Employee Directory

Privacy, Security, HIPAA Administrative Simplification & Beyond: Litigation
US, ex rel. Scott Pogue vs. Diabetes Treatment Centers of American, et al., Civil No. 99-3198, US DC for DC, May 17, 2004"...Florida laws governing patients' privacy rights in medical information are contrary to HIPAA...."
Anonymous, on behalf of himself and all others similarly situation, Plaintiff, vs. CVS Corporation et al., Defendants, Supreme Court of the State of New York, Counthy of New York: Commercial Division - December 9, 2003
Direct court link:CVS
Pharmacy sales of their customer records without consent violates confidentialiy of customer information under New York State common law & under N.Y. Gen. Bus. Law Section 349 and NYCRR Sections 29.1(a) and (b)(8).
WELD, et al. v. GLAXO WELLCOME, INC., et al.
JOHN WELD, JR., & another vs. GLAXO WELLCOME INC. & others, regarding certification of class action in alleged privacy violation conspiracy litigation.
Suffolk. December 8, 2000. - May 1, 2001
Massachusetts Supreme Judicial Court SJC-08363
Indictment
of computer programmer Dmitry Sklyarov & ElComSoft Co. Ltd., Moscow, alleging copyright violations for creating a software application allegedly circumventing copyright protections under the Digital Millennium Copyright Act, relative to Adobe Systems Inc.'s eBook Reader (R).
>University of Colorado Hospital Authority v. Denver Publishing Co., No. 03-WM-1977 (D. Colo. Aug. 2, 2004)
HIPAA AdSi Is No Basis for Hospital Claim Against Newspaper For Alleged Privacy Violations
Bartnicki v. Vopper, No. 99-1687 (2001) Argued December 5, 2000 Decided May 21, 2001* CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE THIRD CIRCUIT

"[A] stranger's illegal conduct does not suffice to remove the First Amendment shield from speech about a matter of public concern...."
SUPREME COURT OF THE UNITED STATES
KYLLO v. UNITED STATES
CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT No. 99—8508. Argued February 20, 2001–Decided June 11, 2001

"[T]he information obtained by the thermal imager [in 1992] in this case was the product of a search. The Court rejects the Government’s argument that the thermal imaging must be upheld because it detected only heat radiating from the home’s external surface. Such a mechanical interpretation of the Fourth Amendment was rejected in Katz, where the eavesdropping device in question picked up only sound waves that reached the exterior of the phone booth to which it was attached. Reversing that approach would leave the homeowner at the mercy of advancing technology–including imaging technology that could discern all human activity in the home. [emphasis supplied] ...."
IN THE UNITED STATES DISTRICT COURT FOR THE SOUTHERN DISTRICT OF TEXAS HOUSTON DIVISION

THE ASSOCIATION OF AMERICAN PHYSICIANS & SURGEONS, INC., CONGRESSMAN RON PAUL, M.D., DAWN RICHARDSON, REBECCA REX AND DARRELL MCCORMICK, Plaintiffs, vs. UNITED STATES DEPARTMENT OF HEALTH AND HUMAN SERVICES AND TOMMY G. THOMPSON, AS SECRETARY OF THE U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES Defendants.

COMPLAINT FOR DECLARATORY RELIEF

Dismissal of The Association of American Physicians and Surgeons et al. Complaint

D e c i s i o n
filed IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF VIRGINIA ABINGDON DIVISION UNITED STATES OF AMERICA v. FRANKLIN SUTHERLAND, Defendant, Case No. 1:00CR00052, Case No. 1:00CR00093, OPINION AND ORDER, By: James P. Jones, United States District Judge
"[T]he [HIPAA] Standards indicate a strong federal policy to protect the privacy of patient medical records, and they provide guidance to the present case...." "Although not presently binding on the Hospital or this court, I find these [HIPAA] regulations to be persuasive in that they demonstrate a strong federal policy of protection for patient medical records...."
Physician's unauthorized use of hospital system's computerized medical records does not give rise to violation of Computer Fraud and Abuse Act by hospital system.
Doe v. Dartmouth-Hitchcock Medical Center, D. N.H., No. CV-00-100-M, 7/19/01)
>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Information
>US v. Gibson, W.D. Wash. No.CR04-0374RFM, Seattle, US Att'y HIPAA AdSi Criminal Plea of Defendant
>Amended Complaint
>Citizens for Health et al. vs. Tommy G. Thompson, Complaint for Declaratory and Injunctive Relief April 10, 2003 USDC ED PA
Plaintiffs seek invalidation of those parts of the HIPAA AdminSimp final privacy rule eliminating any requirement for consent to be obtained prior by a covered entity prior to using or disclosing protected health information for treatment, payment, or health care operations.
>Citizens v. Thompson Memorandum & Order of April 2, 2004 USDC ED PA
3rd Circuit Court of Appeals Decision
>Petition for Rehearing
First reported HIPAA Administrative Simplification preemption decision:
United States of America ex rel. Mary Jane Stewart et al., v. The Louisiana Clinic, et al., Civil Action No. 9901767, Section "N" (2), U. S. District COurt, E. D. Louisiana, December 11, 2002
PA Court Decides Telephone Use In Home and Presumption of Privacy Are NOT Compatible; the majority opinion in
Commonwealth of Pennsylvania v. Rekasie can viewed at:
http://www.aopc.org/OpPosting/Supreme/out/J-52-2000-mo.pdf
A concurring opinion can be read at: http://www.aopc.org/OpPosting/Supreme/out/J-52-2000-co.pdf
The dissents are at: http://www.aopc.org/OpPosting/Supreme/out/J-52-2000-do.pdf and http://www.aopc.org/OpPosting/Supreme/out/J-52-2000-do2.pdf
DECISION IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF SOUTH CAROLINA COLUMBIA DIVISION
SOUTH CAROLINA MEDICAL ASSOCIATION et al., Plaintiffs, vs. UNITED STATES DEPARTMENT OF HEALTH AND HUMAN SERVICES et al., Defendants, August 14, 2002
[Civil Docket No. 3:01-CB-2965]
DECISION

C o m p l a i n t
for Declaratory Relief
"1. This case is a constitutional challenge to several provisions of Subtitle F, entitled 'Administrative Simplification' found in Public Law 104-191, known as the Health Insurance Portability and Accountability Act ('HIPAA'), enacted by Congress on August 21, 1996. This case also challenges the regulations promulgated pursuant to HIPAA by the Department of Health and Human Services ('HHS') found at 45 C.F.R. Parts 160 and 164. The challenged HHS regulations promulgated in Parts 160 and 164 and entitled 'Standards for Privacy of Individually Identifiable Health Information' and will be referred to as the 'HHS Privacy Regulations'...
...
...Prayer For Relief
Wherefore, Plaintiffs request:
52. A declaratory judgment that Section 264(c)'s delegation of legislative power is unconstitutional.
53. A declaratory judgment that the HHS Privacy Regulations promulgated pursuant to Section 264(c) are unconstitutional and in direct contradiction to the intent of Congress.
54. A declaratory judgment that the pre-emption provisions of Section 1178(2)(B) of Public Law 104-191 and Section 264(c)(2) are unconstitutionally vague...."


Decision of April 25, 2003 of United States Court of Appeals Affirming District Court Decision
"Appellants, South Carolina Medical Association, Physicians Care Network, and several individual doctors, filed suit seeking to have declared unconstitutional several provisions of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), Pub. L. No. 104-191, 110 Stat. 1936 (1996). Because Congress laid out an intelligible principle in HIPAA to guide agency action, we reject appellants’ claim that the statute impermissibly delegates the legislative function. We also conclude that regulations promulgated pursuant to HIPAA are not beyond the scope of the congressional grant of authority, and that neither the statute nor the regulations are impermissibly vague. Accordingly, we affirm...."

United States v. Mead Corp., No. 99-1434 (2001) Argued November 8, 2000 Decided June 18, 2001 CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE FEDERAL CIRCUIT

"[T]his Court identified a category of interpretive choices distinguished by an additional reason for judicial deference, recognizing that Congress engages not only in express, but also in implicit, delegation of specific interpretive authority. It can be apparent from the agency's generally conferred authority and other statutory circumstances that Congress would expect the agency to be able to speak with the force of law when addressing ambiguity in the statute or fills in a space in the enacted law, even one about which Congress did not have intent as to a particular result. [emphasis supplied] When circumstances implying such an expectation exist, a reviewing court must accept the agency's position if Congress has not previously spoken to the point at issue and the agency's interpretation is reasonable...There is no indication on the statute's face that Congress meant to delegate authority to Customs to issue classification rulings with the force of law...."

HIPAA AdSi Proposed Enforcement Rule Filed April 14, 2005 To Be Published in Federal Register
As published in Federal Register April 18, 2005
May 9, 2001 letter from Representatives Bill Thomas and Nancy Johnson proposing changes in the final HIPAA privacy rule
Letter
Attachment Portion One
Attachment Portion Two
Attachment Portion Three
Cong. E. Markey, Senators E. M. Kennedy & H. R. Clinton, et al.

letter of May 25, 2001

to Secretary Thompson of HHS regarding HIPAA privacy rule
The following provided the foundation for much of what appears in the US Department of Health and Human Services HIPAA rules:
FOR THE RECORD
"...This report examines the motivations behind the growing use of information technology within the health care industry; identifies related privacy and security concerns; and assesses a wide variety of mechanisms for protecting privacy and security in health care applications of information technology. As the report demonstrates, a variety of technical and nontechnical practices are available for protecting electronic health information held by individual organizations. Such practices do not address the privacy concerns that stem from the widespread and relatively unregulated dissemination of information among institutions in the health care industry, including providers, payers, researchers, and oversight agencies...."
Be a HIPAA HERO ® www.hipaahero.com ®

National HIPAA Summit Series Web Site
Health Care HIPAA
PUBLIC LAW 104-191 AUG. 21, 1996
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996
Goldberg Dates HIPAA(sm)
(Webmaster's Chart of Some Important HIPAA Administrative Simplification Dates)
>HHS Office for Civil Rights HIPAA
Guidance Documents - Office for Civil Rights - HIPAA Medical Privacy - National Standards to Protect the Privacy of Personal Health Explaining Significant Aspects of the Privacy Rule - December 4, 2002 & revised April 3, 2003

>http://www.hhs.gov/ocr/hipaa/privacy.html

>12.02 OCR Privacy Rule Guidance .pdf format

>4.03 Revision of 12.02 Privacy Rule Guidance .pdf format

>4.03 Revision of 12.02 Privacy Rule Guidance .html format

>CompareRite(TM) version of 4.03 version vs. 12.02 version of 12.02 Privacy Rule Guidance .pdf format
HIPAA Guidance Published July 6, 2001 on the Office for Civil Rights HIPAA web site and subsequently withdrawn
HHS HIPAA Final Privacy Rule General Overview
"The following is an overview that provides answers to general questions regarding the regulation entitled, Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule), promulgated by the Department of Health and Human Services (HHS), and process for modifications to that rule. Detailed guidance on specific requirements in the regulation is presented in subsequent sections, each of which addresses a different standard...."
Delegation of authority within Centers for Medicare & Medicaid Services for HIPAA Administrative Simplification
New HIPAA Administrative Simplification Rules Published
February 13, 2003

Unofficial Version from CMS. Note: These are large files & could take substantial time to open or download.

Final Security Rule   

Modifications to Electronic Data Transaction Standards & Code Sets

HIPAA AdSi Security Rule Educational Materials
Federal Register Publication of New HIPAA Administrative Simplification Rules

Note: These are large files & could take substantial time to open or download.

Final Security Rule

Modifications to Electronic Data Transaction Standards & Code Sets

[Note: http://world.std.com/~goldberg/modsdatafed.pdf
temporarily removed because of errors in version published in Federal Register. Revised version will be posted as soon as available.]

Note: Enforcement/compliance date of final security rule commences upon expiration of two years after effective date, which should be sixty days after publication date in Federal Register; counting days on the calendar results in sixty days from February 20, 2003 being April 21, 2003 ; and CMS & OCR have unofficially stated that the enforcement date is April 21, 2005 (except for small health plans, which have an extra year to comply). Note, however, the following from the Federal Register of February 20, 2003 indicating an apparent one day error in the final security rule compliance date: "DATES: Effective Date: These regulations are effective on April 21, 2003. Compliance Date: Covered entities, with the exception of small health plans, must comply with the requirements of this final rule by April 21, 2005. Small health plans must comply with the requirements of this final rule by April 21, 2006...." in the beginning of the Federal Register; but at the end in the actual rule: "§ 164.318 Compliance dates for the initial implementation of the security standards. (a) Health plan. (1) A health plan that is not a small health plan must comply with the applicable requirements of this subpart no later than April 20, 2005 [sic]. (2) A small health plan must comply with the applicable requirements of this subpart no later than April 20, 2006 [sic]. (b) Health care clearinghouse. A health care clearinghouse must comply with the applicable requirements of this subpart no later than April 20, 2005 [sic]. (c) Health care provider. A covered health care provider must comply with the applicable requirements of this subpart no later than April 20, 2005 [sic]...."
Amendment to HIPAA Final Privacy Rule Published August 14, 2002, General Initial Enforceability Date: April 14, 2003
(see special business associate provisions regarding April 14, 2004 or prior enforcement date)
DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 45 CFR Parts 160 and 164
Individually identifiable health information; privacy standards -- Preamble & Rule - .pdf
Federal Register, August 14, 2002, pages 53181–53273
Individually identifiable health information; privacy standards -- Rule Only - .pdf
Federal Register, August 14, 2002, pages 53266–53273
Individually identifiable health information; privacy standards -- Preamble & Rule - .doc
Federal Register, August 14, 2002, pages 53181–53273
Individually identifiable health information; privacy standards -- Preamble & Rule - .html
Federal Register, August 14, 2002, pages 53181–53273
Individually identifiable health information; privacy standards -- Preamble & Rule - .wpd
Federal Register, August 14, 2002, pages 53181–53273

DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of the Secretary 45 CFR Parts 160 and 164
Amendments first published August 9, 2002 unofficially by HHS Office for Civil Rights
Standards for Privacy of Individually Identifiable Health Information
To be published in Federal Register August 14, 2002
May 31, 2002 Federal Register Publication of NPRMs & Final Rule
Notice of Proposed Rulemaking: Pharmacy Transactions and Data Code Sets Rule Changes
Notice of Proposed Rulemaking: Designated Standards Maintenance Organizations Recommended Transactions & Date Code Sets Rule Changes
National Employer Identifier Final Rule
S 1684; & Administrative Simplification Compliance Act
HR 3323 signed by the President on December 27, 2001
Unofficial Legislative History & Intent Concerning HR 3323: Administrative Simplification Compliance Act
>HIPAA AdSi ASCA Interim Final Rule August 14, 2003
"SUMMARY: This interim final rule with comment period implements the statutory requirement that claims for reimbursement under the Medicare Program be submitted electronically as of October 16, 2003,except where waived. This rule identifies those circumstances for which mandatory submission of electronic claims to the Medicare Program is waived. DATES: Effective date: October 16, 2003. These regulations are applicable for Medicare claims submitted on or after October 16, 2003. Comment date: Comments will be considered if we receive them at the appropriate address, as provided below, no later than 5 p.m. on October 14, 2003...."
>[Federal Register: August 22, 2003 (Volume 68, Number 163)] [Rules and Regulations] [Page 50717-50722]
"Medicare Program; Electronic Submission of Cost Reports AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS. ACTION: Final rule. SUMMARY: This final rule amends regulation by requiring that, for cost reporting periods ending on or after December 31, 2004, all hospices, organ procurement organizations, rural health clinics, Federally qualified health centers, community mental health centers, and end- stage renal disease facilities must submit cost reports currently required under the Medicare regulations in a standardized electronic format. This rule also allows a delay or waiver of this requirement when implementation would result in financial hardship for a provider. The provisions of this rule allow for more accurate preparation and more efficient processing of cost reports. DATES: Effective Date: The provisions of this final rule are effective September 22, 2003. Applicability Date: The provisions of this final rule are effective for cost reporting periods ending on or after December 31, 2004...."
HIPAA Administrative Simplification Act Frequently Asked Questions January 31, 2002
HIPAA Administrative Simplification NPRM
Further to Amend Final Privacy Rule
HHS Announcement for NPRM HHS Fact Sheet for NPRM
Notice of Proposed Rulemaking for Amendment to HIPAA Administrative Simplification Final Privacy Rule
Published in Federal Register on March 27, 2002
[Note: this is the text/.html version from the Federal Register in .html format.]
Notice of Proposed Rulemaking for Amendment to HIPAA Administrative Simplification Final Privacy Rule
Published in Federal Register on March 27, 2002
[Note: this is the text/.html version from the Federal Register converted to Adobe Acrobat .pdf (R)]
Notice of Proposed Rulemaking for Amendment to HIPAA Administrative Simplification Final Privacy Rule
Published in Federal Register on March 27, 2002
[Note: this is the text/.html version from the Federal Register converted to Microsoft Word for Windows (R) .doc format.]
Notice of Proposed Rulemaking for Amendment to HIPAA Administrative Simplification Final Privacy Rule
Published in Federal Register on March 27, 2002
[Note: this is the text/.html version from the Federal Register converted to Corel WordPerfect (R) .wpd format.]
[Note: Opening .wpd documents via an Internet browser might not work; instead, download and open in Corel WordPerfect (R).]
Notice of Proposed Rulemaking for Amendment to HIPAA Administrative Simplification Final Privacy Rule
As published in Federal Register on March 27, 2002
Unofficial NPRM HIPAA Amendment to Final Privacy Rule to be published in Federal Register March 27, 2002
Adobe Acrobat .pdf file (R)
Unofficial NPRM HIPAA Amendment to Final Privacy Rule to be published in Federal Register March 27, 2002
Microsoft Word for Windows.doc file (R)
Unofficial NPRM HIPAA Amendment to Final Privacy Rule to be published in Federal Register March 27, 2002
Corel WordPerfect for Windows .wpd file (R)
[Note: Opening .wpd documents via an Internet browser might not work; instead, download and open in Corel WordPerfect (R).]
Unofficial NPRM HIPAA Amendment to Final Privacy Rule to be published in Federal Register March 27, 2002
HTML format .html file
Unofficial NPRM HIPAA Amendment to Final Privacy Rule -- Rule Only to be published in Federal Register March 27, 2002
Corel WordPerfect for Windows .wpd file (R)
[Note: Opening .wpd documents via an Internet browser might not work; instead, download and open in Corel WordPerfect (R).]
Unofficial NPRM HIPAA Amendment to Final Privacy Rule -- Model Business Associate Agreement -- Form Only to be published in Federal Register March 27, 2002
Corel WordPerfect for Windows .wpd file (R)
[Note: Opening .wpd documents via an Internet browser might not work; instead, download and open in Corel WordPerfect (R).]
HIPAA Proposed Privacy Rule Model Authorization Form -- NOT included in Final Rule -- Published in Federal Register November 3, 1999
Adobe Acrobat .pdf file (R)
HIPAA Proposed Privacy Rule Sample Content of Provider Notice -- NOT included in Final Rule -- Published in Federal Register November 3, 1999
HTML format .html file
HIPAA Guidance Published July 6, 2001 on the Office for Civil Rights HIPAA web site
OCR HIPAA Web Site
Copy of the complete Guidance document in Microsoft Word for Windows 97/2000 format:
HHS HIPAA Final Privacy Rule General Overview
"The following is an overview that provides answers to general questions regarding the regulation entitled, Standards for Privacy of Individually Identifiable Health Information (the Privacy Rule), promulgated by the Department of Health and Human Services (HHS), and process for modifications to that rule. Detailed guidance on specific requirements in the regulation is presented in subsequent sections, each of which addresses a different standard...."
STATEMENT BY TOMMY G. THOMPSON
Final Privacy Rule Takes Effect April 14, 2001
HIPAA Preamble & Final Privacy Rule From Federal Register December 28, 2000
privone.pdf privtwo.pdf privthree.pdf privfour.pdf privfive.pdf privsix.pdf privseven.pdf priveight.pdf

HIPAA Final Privacy Rule Without Preamble
pp. 82798 et seq privsevenrule.pdf priveight.pdf

Office for Civil Rights Delegation
Technical Corrections
to the Standards for Privacy of Individually Identifiable Health Information published December 28, 2000
82944 Federal Register / Vol. 65, No. 251 / Friday, December 29, 2000 / Rules and Regulations
Correction of Effective Date and Compliance Dates
to the Standards for Privacy of Individually Identifiable Health Information published February 26, 2001
12434 Federal Register / Vol. 66, No. 38 / Monday, February 26, 2001 / Rules and Regulations
Additional Comment Period for Final Privacy Rule
Standards for Privacy of Individually Identifiable Health Information
12738 Federal Register / Vol. 66, No. 40 / Wednesday, February 28, 2001 / Rules and Regulations
"SUMMARY: This action provides for the submission of comments on a technical amendment to the final rule adopting standards for privacy of individually identifiable health information published on December 28, 2000, in the Federal Register (65 FR 82462), to convert it to a final rule with request for comments. The purpose of this action is to permit public comment on the final rule for a limited period before the rule becomes effective. DATES: 1. Comments will be considered if received as provided below, no later than 5 p.m. on March 30, 2001. 2. The effective date of the final rule with request for comments published December 28, 2000 (65 FR 82462) was corrected to be April 14, 2001. See 66 FR 12434 (February 26, 2001)...."
Adobe Acrobat (R) PDF file from AdminSimp WPD file - HIPAA Preamble & Final Privacy Rule (this is a large file; be patient please)
Adobe Acrobat (R) PDF file from AdminSimp WPD file - HIPAA Final Privacy Rule Only (this is a large file; be patient please)
Adobe Acrobat (R) PDF file from AdminSimp WPD file - HIPAA Final Privacy Rule [before August 2002 Amendments]Definitions Sections Only
Adobe Acrobat (R) PDF file - President's Speech
December 20, 2000 announcing HIPAA Final Privacy Rule
Adobe Acrobat (R) PDF file - White House HIPAA Fact Sheet December 20, 2000 Final Privacy Rule
Andrew W. Card, Jr./White House Regulatory Review Plan Memorandum of January 20, 2001 -- Final Rule Postponement
The HIPAA Pledge
“I pledge to preserve, protect, and defend the security, privacy and confidentiality of individually identifiable health information, to the best of my ability, and in furtherance of the best interests of more than 281,000,000 patients.”

Top

(Adobe Acrobat (R) PDF files take several minutes to open or download)
Goldberg on E-Health: Security and Health Care: A Basic Introduction to PKI-Lite
For trial subscription to BNA - American Health Lawyers Association E-Health Law & Policy Report
HIPAA Standards for Electronic Transactions Final Rule Federal Register/Vol. 65, No. 160/Thursday, August 17, 2000/Pages 50311-50372/Rules and Regulations

Preamble & Rule

(The Rule begins on page 50365)

Preamble PDF Preamble DOC and Rule Text PDF Rule Text DOC
as submitted to the Federal Register and put on display August 11, 2000 at
Preamble HTML and Rule Text HTML HCFA web pages

The compliance date is 26-months (38 months for small health plans) after Federal Register publication.

Top

HIPAA 3 NOV 1999 Proposed Privacy Rule comments are posted on the Web

Proposed Privacy Rule Comments

via the US Department of Health and Human Services web site - please note that these Comments contain strong and to some, what might be offensive, language.

Latest HCFA HIPAA Administrative Simplification Rules Promulgation Status

HCFA Administrative Simplification Site

A final rule that exempts the new system of records, the Healthcare Integrity and Protection Data Bank (HIPDB), from certain provisions of the federal Privacy Act (5 U.S.C. 552a). The establishment of the HIPDB is required by section 1128E of the Social Security Act, as added by section 221(a) of HIPAA. Regulations implementing the new HIPDB were published in the Federal Register on October 26, 1999 (64 FR 57740).
HIPAA

DEC 28, 2000 Proposed Privacy Rule Comments

American Hospital Assocication Comments
National Association of Public Hospitals Comments

NOV 3, 1999 Proposed Privacy Rule Comments

AAHP Comments
AHA Comments
AAMC Comments
HIMA Comments
AMIA Comments
AHCA Comments
WEDI Comments
NAIC Comments
FAHS Comments
AMA Comments
IHCRP Comments
NAAG Comments
Aggregated General Topic HHS HIPAA FAQs
HIPAA Proposed Privacy Rule and Official Commentary Published in Federal Register 3 NOV 1999
Standards for Privacy of Individually Identifiable Health Information (note that the actual proposed rule begins on page 60049)

Pages 59918-59966

Pages 59967-60016

Pages 60017-60065

Amendment published 5 JAN 2000

Top

HIPAA Security & Digital Signature Background Materials
Testimony Before the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, Committee Government Reform, House of United States General Accounting Office GAO For Release on Delivery Expected at 9:30 a.m. EDT Tuesday, April 8, 2003 INFORMATION SECURITY Progress Made, But Challenges Remain Protect Federal Systems and the Nation’s Critical Infrastructures Statement of Robert F. Dacey Director, Information Security Issues
FDA Electronic Signature Proposed & Final Rule
FDA Update & Background Materials on Electronic Signature Rule
Electronic Submissions through the FDA ESTRI GATEWAY Frequently Asked Questions (FAQ) Last updated: December 26, 2001
FTC Gramm-Leach-Bliley Act Proposed Security Rule
Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard (AES) set forth in:
Publication 197 of November 26, 2001
This standard specifies the Rijndael [phonetic: "rinedoll"] algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Rijndael was designed to handle additional block sizes and key lengths; however they are not adopted in this standard. For further information, go to NIST AES web site.
For information regarding the HCFA HIPAA security standards and other provisions affecting the delivery of and payment for health care, go to:
HIPAA Security: Protecting Patient Information
and
HIPAA 3 NOV 1999 Proposed Rule Chart

Proposed HIPAA Rule Regarding the Security of Electronic Health Records

The proposed rule is a Adobe(R) PDF file and will take several minutes to open.

The Information Security Committee of the Electronic Commerce Division of the Science and Technology Section of the American Bar Association has been the focal point of diverse secure electronic commerce law initiatives since the Division's formation in 1992. "The Committee explores current information security issues including those related to public key infrastructure, cryptology, risk analysis, standards, "commercial reasonableness" and the legal efficacy of secure digital commerce." The ISC has released the
PKI Assessment Guidelines
("PAG") - Public Draft for Comment v0.30 for consultation and comment. Note that this is a large file; go to theDivision's web site linked above for downloading of portions of the PAG in smaller files. "The PAG offers a practical guide for the evaluation, assessment, determining compliance with stated policies, and licensing of PKIs."
Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard (AES) set forth in:
Publication 197 of November 26, 2001
This standard specifies the Rijndael [phonetic: "rinedoll"] algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Rijndael was designed to handle additional block sizes and key lengths; however they are not adopted in this standard. For further information, go to NIST AES web site.
National Telecommunications and Information Administration
NTIA has released a report from the Department of Commerce to Congress directed by Section 105(a) of the Electronic Signatures in Global and National Commerce Act ("ESIGN Act") on the effectiveness of electronic mail in the delivery of records, as compared with the delivery of records via the United States Postal Service and private express mail services.
The Commerce Department and the Federal Trade Commission (FTC) have released a report on the consumer consent provision in the Electronic Signatures in Global and National Commerce Act (ESIGN) and its benefits to e-commerce.

Top

Individual Reference Services Group, Trans Union LLC v.
Federal Trade Commission
Memorandum Opinion & Order filed
April 30, 2001 by Judge Ellen Segal Huvelle upholding FTC rule under Gramm-Leach-Bliley Act
Physician's unauthorized use of hospital system's computerized medical records does not give rise to violation of Computer Fraud and Abuse Act by hospital system.
Doe v. Dartmouth-Hitchcock Medical Center, D. N.H., No. CV-00-100-M, 7/19/01)
IN THE SUPREME COURT OF CALIFORNIA Filed May 3, 2001
BARBARA McCALL, Individually and as Trustee, etc. v. PACIFICARE OF CALIFORNIA, INC., et al.
In re DOUBLECLICK INC. PRIVACY
March 28, 2001
Medical Information Protection and Research Enhancement Act of 2001
107th CONGRESS 1st Session H. R. 1215 To ensure confidentiality with respect to medical records and health care-related information, and for other purposes. IN THE HOUSE OF REPRESENTATIVES March 27, 2001
Quintiles Transnational Corp. vs. WEBMD Corporation - Order granting Plaintiff's motion for preliminary injunction
Order filed March 21, 2001 - USDC ED NC WD
USPTO PUBLISHES FINAL GUIDELINES FOR DETERMINING UTILITY OF GENE-RELATED INVENTIONS - Federal Register January 5, 2001
1998 Federal Sentencing Guideline Chapter 8
Sentencing of Organizations
See Commentary to Sec. 8A1.2. for an"effective program to prevent and detect violations of law..." -- which is the basis for corporate compliance program guidance in antifraud and abuse -- and go to
Guideline Manual
for the entire 1998 version of the Guideline Manual
Note also
Proposed 2000 Amendment
to address computer and internet access crimes and the
1998 Amendment
addressing criminal infringement of copyright or trademark
Corporate Compliance Plans Under HIPAA & Beyond
December 2000

by Alan S. Goldberg, JD, LLM

HIPAA HERO®

speech summarized in online media article
"IITRI found that the current system of external and internal controls makes it unlikely that either FBI or ISP personnel will use Carnivore carelessly or for improper purposes. However, maintaining central control and the requirement of headquarters approval are critical to maintaining effective operational controls...A small group of highly skilled FBI agents must not only approve applications of Carnivore, but are also intimately involved in the logistics. Their training and professionalism ensure that the intercept proceeds as narrowly and efficiently as possible...The risk of misfeasance may increase significantly, however, if Carnivore becomes more widely used. The governing statute, by itself, permits expanded use of Carnivore, but does not require that the Carnivore units be centrally stored; does not require FBI Headquarters approval for court authorization of a Carnivore intercept; and does not limit use of Carnivore to federal agents. Thus, although use of Carnivore in practice has been centralized, nothing in the statute prohibits state and local law enforcement agents from using Carnivore or local Assistant U.S. Attorneys on their own initiative from applying for court authorization to use the device...." US Department of Justice publishes IITRI
Independent Technical Review
of the Carnivore System Final Report
8 December 2000
New Patient Protections Included In Medicaid Managed Care Rule Promulgated January 19, 2001 by HHS/HCFA
42 CFR Part 400, 430, 431,434, 435, 438, 440, and 447
mancare6227to6276.pdf mancare6277to6326.pdf mancare6327to6376.pdf mancare6377to6426.pdf
Federal Register / Vol. 66, No. 13 / Friday, January 19, 2001 / Rules and Regulations / Pages 6227-6426

Top


New York State Regulation 169 (11 NYCRR 420)
Privacy of Consumer Financial and Health Information, filed with the Secretary of State: November 10, 2000
Physicians' Referrals to Health Care Entities With Which They Have Financial Relationships
856 Federal Register / Vol. 66, No. 3 / Thursday, January 4, 2001 / Rules and Regulations
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Health Care Financing Administration 42 CFR Parts 411 and 424 Medicare and Medicaid Programs
Pages 855-904

Pages 905-954

Pages 955-965
(Adobe Acrobat (R) PDF files take several minutes to open or download)

FTC Sues Failed Website, Toysmart.com, for Deceptively Offering for Sale Personal Information of Website Visitors
FTC Settlement Agreement News Release
"In a settlement announced [July 21, 2000] by the Federal Trade Commission [Note: US Bankruptcy Court denied approval of FTC proposal for settlement], Toysmart.com ("Toysmart") has agreed to settle charges the company violated Section 5 of the FTC Act by misrepresenting to consumers that personal information would never be shared with third parties and then disclosing, selling, or offering that information for sale in violation of the company's own privacy statement...The Commission also announced today that it will file an amended complaint with the U.S. District Court in Massachusetts alleging that Toysmart collected personal information from children in violation of the Children's Online Privacy Protection Act of 1998 ("COPPA") and its implementing regulations. The FTC's regulations went into effect on April 21, 2000, and this is the first complaint the Commission has filed alleging a violation of COPPA...."
UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS
FEDERAL TRADE COMMISSION, Plaintiff, v. TOYSMART.COM, LLC, and TOYSMART.COM, INC., Defendants.
AMENDED COMPLAINT
including COPPA allegations
Toysmart.com Privacy Policy
SETTLEMENT AGREEMENT
Stipulation and Order
Statement of President of Toysmart.com
Statements of FTC Commissioners including Dissent
FTC COPPA site KIDZ Privacy
E-Government Act of 2002
"(b) PURPOSES- The purposes of this Act are the following: (1) To provide effective leadership of Federal Government efforts to develop and promote electronic Government services and processes by establishing an Administrator of a new Office of Electronic Government within the Office of Management and Budget. (2) To promote use of the Internet and other information technologies to provide increased opportunities for citizen participation in Government. (3) To promote interagency collaboration in providing electronic Government services, where this collaboration would improve the service to citizens by integrating related functions, and in the use of internal electronic Government processes, where this collaboration would improve the efficiency and effectiveness of the processes. (4) To improve the ability of the Government to achieve agency missions and program performance goals. (5) To promote the use of the Internet and emerging technologies within and across Government agencies to provide citizen-centric Government information and services. (6) To reduce costs and burdens for businesses and other Government entities. (7) To promote better informed decisionmaking by policy makers. (8) To promote access to high quality Government information and services across multiple channels. (9) To make the Federal Government more transparent and accountable. (10) To transform agency operations by utilizing, where appropriate, best practices from public and private sector organizations. (11) To provide enhanced access to Government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, access for persons with disabilities, and other relevant laws...."
European Parliament Data Protection Legislative Documents
European Union Data Protection Site
Medicare & Medicaid 2003 Program Memos
Medicare & Medicaid 2003 Program Transmittals
Health Care Industry Market Update Medical Devices and Supplies October 10, 2002
(Adobe Acrobat (R) PDF files take several minutes to open or download)
"SEC. 107. EFFECTIVE DATE. (a) IN GENERAL.—Except as provided in subsection (b), this title shall be effective on
October 1, 2000.
(b) EXCEPTIONS.— (1) RECORD RETENTION.— (A) IN GENERAL.—Subject to subparagraph (B), this title shall be effective on March 1, 2001 with respect to a requirement that a record be retained imposed by— (i) a Federal statute, regulation, or other rule of law, or (ii) a State statute, regulation, or other rule of law administered or promulgated by a State regulatory agency. (B) DELAYED EFFECT FOR PENDING RULEMAKINGS.—If on March 1, 2001, a Federal regulatory agency or State regulatory agency has announced, proposed, or initiated, but not completed, a rulemaking proceeding to prescribe a regulation under section 104(b)(3) with respect to a requirement described in subparagraph (A), this title shall be effective on June 1, 2001, with respect to such requirement...."
Electronic Signatures in Global and National Commerce Act
CONFERENCE REPORT HR 106-661 [To accompany S. 761]
Signed by the President
Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies; Final Rule
Pages 64556-64574
Federal Register / Vol. 65, No. 209 / Friday, October 27, 2000 / Rules and Regulations
(Adobe Acrobat (R) PDF files take several minutes to open or download)
Predecessor bill: Electronic Signatures in Global and National Commerce Act
HR 1714
UNIFORM ELECTRONIC TRANSACTIONS ACT
Drafted by the NATIONAL CONFERENCE OF COMMISSIONERS ON UNIFORM STATE LAWS
Digital Economy 2000, the Commerce Department's third annual report. June 2000
"Health Care. The Internet increases the ability of patients to participate more actively in matters related to their own health. A recent study by the California HealthCare Foundation cites estimates that the Internet offers at least 17,000 different health care sites and that some 24.8 million U.S. adults have searched for health information. This number is projected to grow to over 30 million during 2000. [http://ehealth.chcf.org] Jupiter Communications has estimated that 45 percent of online consumers access the Internet for health information. [http://www.jup.com] Today, some patients arrive at their doctors’ offices carrying possible diagnoses downloaded from sites such as Healtheon/WebMD or America Online Health Channel. In addition, people with Internet access can obtain information about their healthcare plans, find doctors, and in some cases submit claims for fee reimbursement. Doctors, too, are increasing their use of the Internet as a source of information on the latest news in medical research. Other aspects of health care delivery, including laboratory results reporting, prescriptions, office visit scheduling, and records transmittal may move online once issues such as privacy and authentication are resolved...."
"So far, the Internet seems to be largely amplifying the worst features of television's preoccupation with sex and violence, semi-literate chatter, shortened attention spans, and near-total subservience to commercial marketing," said The Librarian of Congress, James Billington, in a reported address to the National Press Club.
"You already have zero privacy -- get over it...." Scott McNealy, CEO, Sun Microsystems, Inc.
On Internet Privacy and Profiling
Senate Commerce Committee Testimony
June 13, 2000 Richard M. Smith Internet Consultant
(Adobe Acrobat (R) PDF files take several minutes to open or download)
SUPREME COURT OF THE STATE OF NEW YORK COUNTY OF NEW YORK THE AMERICAN MEDICAL ASSOCIATION, THE MEDICAL SOCIETY OF THE STATE OF NEW YORK, MATTHEW CREMA, and MICHAEL J. ATTKISS, M.D., individually and on behalf of all others similarly situated, Plaintiffs, v. METROPOLITAN LIFE INSURANCECOMPANY, UNITED HEALTHCARE CORPORATION, and UNITED HEALTHCARE SERVICES, INC., Defendants. Index No.
CLASS ACTION COMPLAINT DEMAND FOR JURY TRIAL
JEFFREY ALLAN FISCHER, PETITIONER v. UNITED STATES ON WRIT OF CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE ELEVENTH CIRCUIT
May 15, 2000 federal benefits & bribary case
Opinion
California Medical Association v. Blue Cross of California et. al., racketeering case
Complaint
SUPREME COURT OF THE UNITED STATES
LORI PEGRAM, et al., PETITIONERS v. CYNTHIA HERDRICH
CERTIORARI TO THE UNITED STATES COURT OF APPEALS FOR THE SEVENTH CIRCUIT No. 98—1949. Decided June 12, 2000.
"We could struggle with this problem, but first it is well to ask, again, what would be gained by opening the federal courthouse doors for a fiduciary malpractice claim, save for possibly random fortuities such as more favorable scheduling, or the ancillary opportunity to seek attorney’s fees. And again, we know that Congress had no such haphazard boons in prospect when it defined the ERISA fiduciary, nor such a risk to the efficiency of federal courts as a new fiduciary-malpractice jurisdiction would pose in welcoming such unheard-of fiduciary litigation."
United States of America Anti-Terrorism Legislation, Rules, & Orders
OFFICE OF FOREIGN ASSETS CONTROL
"The Office of Foreign Assets Control ("OFAC") of the U.S. Department of the Treasury administers and enforces economic and trade sanctions against targeted foreign countries, terrorism sponsoring organizations and international narcotics traffickers based on U.S. foreign policy and national security goals. OFAC acts under Presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under U.S. jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments."
HR 3162
"Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001"
Enrolled Bill as sent to and signed by the President October 26, 2001
DEPARTMENT OF JUSTICE Bureau of Prisons 28 CFR Parts 500 and 501 - 55062 Federal Register / Vol. 66, No. 211 / Wednesday, October 31, 2001 / Rules and Regulations
From the Summary: "...[T]he Bureau is authorized to monitor mail or communications with attorneys in order to deter [acts of violence and terrorism], subject to specific procedural safeguards, to the extent permitted under the Constitution and laws of the United States...."
Senate Bill
SB 1510
`Uniting and Strengthening America Act' or the
"USA Act of 2001"
Administration Bill
Administration Bill introduced in Congress to combat terrorism:
"Anti-Terrorism Act of 2001"
House Bill
HR 2975
Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act of 2001
S.1447 - 11/19/2001: Became Public Law No: 107-71
Aviation and Transportation Security Act

"SEC. 115. PASSENGER MANIFESTS. Section 44909 is amended by adding at the end the following: `(c) Flights in Foreign Air Transportation to the United States- `(1) IN GENERAL- Not later than 60 days after the date of enactment of the Aviation and Transportation Security Act, each air carrier and foreign air carrier operating a passenger flight in foreign air transportation to the United States shall provide to the Commissioner of Customs by electronic transmission a passenger and crew manifest containing the information specified in paragraph (2)...(4) TRANSMISSION OF MANIFEST- Subject to paragraph (5), a passenger and crew manifest required for a flight under paragraph (1) shall be transmitted to the Customs Service in advance of the aircraft landing in the United States in such manner, time, and form as the Customs Service prescribes. `(5) TRANSMISSION OF MANIFESTS TO OTHER FEDERAL AGENCIES- Upon request, information provided to the Under Secretary or the Customs Service under this subsection may be shared with other Federal agencies for the purpose of protecting national security.... "
President Issues Military Order
November 13, 2001 - Detention, Treatment, and Trial of Certain Non-Citizens in the War Against Terrorism
"By the authority vested in me as President and as Commander in Chief of the Armed Forces of the United States by the Constitution and the laws of the United States of America, including the Authorization for Use of Military Force Joint Resolution (Public Law 107-40, 115 Stat. 224) and sections 821 and 836 of title 10, United States Code, it is hereby ordered as follows...."

Top

Federal court actions regarding the internet and recorded music:

US Court of Appeals Stays Enforcement of Preliminary Injunction Against Napster - Opinion to be posted when available
Denial of Napster's Motion to Dismiss linked via http://www.courtnews.com/
and Motion for Preliminary Injunction and Memorandum filed against Napster, and brief filed in behalf of Napster in opposition to motion for preliminary injunction: Boies et al Brief

and MP3 Decision linked via http://www.riaa.org/
According to Messrs. Boies et al.:"Plaintiffs ask this Court to do what no court has ever done: to hold that private non-commercial sharing of music by consumers is unlawful; to hold that an Internet directory service is liable for uses made by its users; and to extend judicially copyright protection to stifle a new technology. Plaintiffs ask this Court to take this action in the face of substantial First Amendment issues, without a trial or evidentiary hearing (which Napster respectfully requests on this motion), and without any convincing evidence of interim harm pending trial. Napster’s one-to-one file sharing and Internet directory service has ignited a revolution. By enabling individual Internet users to access and share data, Napster empowers individuals rather than centralized institutions to distribute information. As Andy Grove, former Chairman of Intel, recently stated, 'The whole Internet could be re-architected by Napster-like technology'...."
(Adobe Acrobat (R) PDF files take several minutes to open or download)
Microsoft Is A Monopoly:
Findings of Fact in State of New York, ex rel. Eliot Spitzer, et al., v. Microsoft Corporation, C.A. 98-1233

US District Court Opinion of April 3, 2000
Microsoft Ordered Split Into Two Parts
US District Court June 7, 2000
Memorandum and Order, and Final Judgment

Top

(Adobe Acrobat (R) PDF files take several minutes to open or download)
GAO Report on Internet Privacy: Comparison of Federal Agency Practices with FTC's Fair Information Principles.
GAO/AIMD-00-296R, September 11, 2000
Privacy Standards: Issues in HHS' Proposed Rule on Confidentiality of Personal Health Information Testimony of Associate Director, GAO, Before Committee on Health, Education, Labor, and Pensions, U. S. Senate, Released April 26, 2000
THE ELECTRONIC FRONTIER: THE CHALLENGE OF UNLAWFUL CONDUCT INVOLVING THE USE OF THE INTERNET
A Report of the President’s Working Group on Unlawful Conduct on the Internet March 2000
Appendices to Report
Remarks of John T. Bentiveglio, Special Counsel for Health Care Fraud and Chief Privacy Officer, U. S. Department of Justice -- Telemedicine: Evolving Legal and Regulatory Issues for the Health Professions,
April 28, 2000 -- Buffalo, N. Y.
Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division of the U.S. Department of Justice
The USPTO issued a notice regarding changes in business process patents affecting software and the internet Journal of the American Medical Association Vol. 283 No. 12, March 22/29, 2000
Guidelines For Medical and Health Information Sites on the Internet

Top

Office of Inspector General Long Term Care Compliance Program Guidance for Nursing Facilitities
Adobe Acrobat PDF (R) file
from the Federal Register/Vol. 65, No. 52/Thursday, March 16, 2000/Notices Page 14289-14306
March 9, 2000 - Office of the Inspector General Estimated Improper Payments By Type of Error - Medicare Program
For Webmaster's Adobe Acrobat PDF (R) file of chart converted from OIG web site PPT file:
Error Chart PDF file

For link to Microsoft PowerPoint (R) version of chart from OIG web site:
Error Chart PPT file
HHS is the first federal agency to publish regulatory guidance (in the Federal Register on August 30, 2000) since the issuance of Executive Order 13166 on serving persons with limited English skills, signed by President Clinton on Aug. 11, 2000. Title VI of the Civil Rights Act of 1964 prohibits discrimination on the basis of race, color, or national origin by any entity that receives federal financial assistance. HMOs, social service agencies and other entities that receive federal financial assistance from HHS are required to take the steps necessary to ensure that individuals with limited English proficiency (LEP) can meaningfully access the programs and services. The requirements apply to state-administered as well as private and non-profit facilities and programs that benefit from HHS assistance.
See HHS news release for additional information.
Department of Labor, NOV 1999: Monitoring Fair Labor Standards Act Compliance in the Long Term Health Care Industry
Note that the pagination of this file is exactly the same as in the booklet received from the DOL
(the Adobe (R) PDF (R) file will take several minutes to open)

Top

Oklahoma Attorney General opinion regarding the practice of dentistry in Oklahoma via the Internet:
"It is, therefore, the official Opinion of the [Oklahoma] Attorney General that: Under appropriate facts, the Oklahoma Board of Dentistry has authority to regulate individuals physically located outside the State who practice dentistry (as defined in the State Dental Act, 59 O.S. Supp. 1999, §§ 328 -328.51a) in the State of Oklahoma via the Internet."
Gramm-Leach-Bliley Act
FTC Gramm-Leach-Bliley Privacy Initiatives
FTC Frequently Asked Questions for the Gramm-Leach-Bliley Act Privacy Regulation December 2001
Gramm-Leach-Bliley Act 15 USC, Subchapter I, Sec. 6801-6810
Disclosure of Nonpublic Personal Information
Protection of nonpublic personal information etc.
Definitional References For "Financial Institution"
and other terminology
HR4585
Medical Financial Records Privacy Bill
Excerpt from description on Rep. James A Leach's Web site: "The Medical Financial Privacy Protection Act, would protect medical records by: Requiring financial institutions to obtain customer’s affirmative consent ("opt in") before disclosing individually identifiable health information to an affiliate or non-affiliated third party. Prohibiting a financial institution from obtaining or using individually identifiable health information in deciding whether to issue credit, unless the prospective borrower expressly consents. Singling out for particular protection information relating to mental health or mental condition, by requiring separate and specific customer consent to disclosure of such information, and encouraging regulators to develop special policies and procedures to protect its confidentiality. Giving consumers the right to inspect, copy, and correct individually identifiable health information that is under the control of a financial institution. Placing strict limitations on the redisclosure and reuse of individually identifiable health information legitimately obtained by a financial institution. This bill does not limit or supersede medical privacy standards promulgated by the Secretary of Health and Human Services pursuant to authority granted under the Health Insurance Portability and Accountability Act." [emphasis added]
FTC Gramm-Leach-Bliley Act Proposed Security Rule
The Gramm-Leach-Bliley Act
(previously the Financial Services Modernization Act of 1999)
Here are links to provisions relating to privacy, for comparison with the pending HIPAA proposed rule and healthcare privacy concerns.


The following proposed rule and the final FTC rule are Adobe(R) Acrobat(R) PDF files and will take several minutes to open.
Senate Banking Committee Act Summary

Senate Banking Committee Statement of Managers on Privacy

Title 5 of Act: Privacy

Department of the Treasury, Federal Reserve System, Federal Deposit Insurance Corporation: NPRM Proposed Privacy Rule
FTC promulgates 16 C.F.R. Part 313, The Privacy of Consumer Financial Information: Final Rule Implementing Statutory Notice Requirements and Restrictions on the Disclosure of Nonpublic Consumer Information by Financial Institutions, underThe Gramm-Leach-Bliley Act
(previously known as the Financial Services Modernization Act of 1999)

Top

S 2750 Medicare Telehealth Validation Act of 2002
"For purposes of expediting the provision of telehealth services, for which payment is made under the medicare program, across State lines, the Secretary of Health and Human Services shall, in consultation with representatives of States, physicians, health care practitioners, and patient advocates, encourage and facilitate the adoption of State provisions allowing for multistate practitioner licensure across State lines...."
HR 3763
Corporate and Auditing Accountability, Responsibility, and Transparency Act of 2002 & House Rpt. 107-610 - SARBANES-OXLEY ACT OF 2002
A BILL To protect investors by improving the accuracy & reliability of corporate disclosures made pursuant to the securities laws, & for other purposes.

SEC File No. 4-460
Order Requiring the Filing of Sworn Statements Pursuant to
Section 21(a)(1) of the Securities Exchange Act of 1934

Top

The Webmaster's LeadingLinks (sm)



Rush Prudential HMO Inc. v. Moran, U.S., No. 00-1201, 6/20/02
Dismissal of The Association of American Physicians and Surgeons et al. Complaint, 6/17/02
The Webmaster's LeadingLinks (sm)


US Department of Health & Human Services Nursing Home Nursing Staff Study 2001
Executive Summary
Overview
August 2, 2004 Proposed Forms & Documents
>69 Federal Register 46210
>69 Federal Register 46214
SUMMARY: Consistent with the Paperwork Reduction Act of 1995, HUD is publishing for public comment a comprehensive set of closing forms and documents for use in the Federal Housing Administration (FHA) multifamily rental project and health care facility (excluding hospitals) programs. In addition to meeting the requirements of the Paperwork Reduction Act, this notice seeks public comment for the purpose of enlisting input from the lending industry and other interested parties in the development and adoption of a set of instruments that offer the requisite protection to all parties in these FHA-insured mortgage programs, consistent with modern real estate and mortgage lending laws and procedures. The development of these forms identified outdated language and policies in HUD regulations that needed to be changed. These forms are also posted on HUD's website at http://www.HUD.gov. Accordingly, elsewhere in today's Federal Register, HUD is publishing a proposed rule that solicits comments on changes to certain FHA regulations as described in the preamble to that rule. DATES: Comment Due Date: October 1, 2004.
Note: Congress Acted to Revoke the Following Rule Using the Congressional Review Act for the First Time
OSHA Final Ergonomics Program Standard Regulatory Text  and related materials REVOKED BY CONGRESS
Published in Federal Register: November 14, 2000 (Volume 65, Number 220), Rules and Regulations, Pages 68261 et seq. 
"This final rule becomes effective on January 16, 2001...."  

Top

Complaint filed against Yahoo by "Aquacool_2000" as John Doe, alleging that Yahoo, having been served with a subpoena, ignored the plaintiff's pseudonym without notice and disclosed the plaintiff's personal identity as a participant on a Yahoo chat board.
Complaint: The Official Committee of Unsecured Creditors of Allegheny Health, Education and Research Foundation vs. PriceWaterhouseCoopers, LLP
US District Court For the Western District of Pennsylvania, No. 00-684
[Note: the Adobe Acrobat (R) PDF file will take several minutes to open or download]
Telemedicine
>PROTECTING PRIVACY WHEN USING TELEHEALTH TECHNOLOGY IN HEALTHCARE Vol. 1
>PROTECTING PRIVACY WHEN USING TELEHEALTH TECHNOLOGY IN HEALTHCARE Vol. 2
Issues and Recommendations Telehealth Deployment Research Testbed Grant Award # 1 D1BTM 0005-01 October 2002
"Executive Summary This report documents the observations and recommendations resulting from a study of the privacy, confidentiality, and security issues unique to delivery of care through telehealth interactions. ..."
Massachusetts Board of Registratration in Medicine Interstate Pathology Opinion September 18, 1995
Expansion of Medicare Part B Reimbursement for Telehealth under
THE MEDICARE, MEDICAID, AND SCHIP BENEFITS IMPROVEMENT AND PROTECTION ACT OF 2000
Statute, Program Memorandum for Intermediaries/Carriers, Comments & Final Rule
PROPOSED TELEMEDICINE MEDICARE PROGRAM REIMBURSEMENT RULES PUBLISHED AUGUST 2, 2001
Centers for Medicare & Medicaid Services PROPOSED RULES [being at page 40391] for Medicare: Physician fee schedule (2002 CY); payment policies and relative value unit adjustments, for telemedicine services [Pgs. 40391-40394 only]
General Principles of Software Validation; Final Guidance for Industry & FDA Staff Document issued on: January 11, 2002FDA Software As Medical Device
"This guidance describes how certain provisions of the medical device Quality System regulation apply to software and the agency’s current approach to evaluating a software validation system. For example, this document lists elements that are acceptable to the FDA for the validation of software; however, it does not list all of the activities and tasks that must, in all instances, be used to comply with the law...."

THE FIRST TELEMEDICINE ANTIKICKBACK OPINION: OFFICE OF THE INSPECTOR GENERAL ADVISORY OPINION 98-18 REGARDING OPHTHALMOLOGY AND TELEMEDICINE
Go to OIG Advisory Opinion 98-18


THE SECOND TELEMEDICINE ANTIKICKBACK OPINION: OFFICE OF THE INSPECTOR GENERAL ADVISORY OPINION 99-14 REGARDING A RURAL TELEMEDICINE NETWORK
Go to OIG Advisory Opinion 99-14


THE THIRD TELEMDEDICINE ANTIKICKBACK OPINION: OFFICE OF THE INSPECTOR GENERAL ADVISORY OPINION 02-12 REGARDING INTERNET-BASED CHRONIC DISEASE MANAGEMENT
Go to OIG Advisory Opinion 02-12
New American Health Lawyers Association Publications

Telemedicine: Emerging Legal Issues

2nd edition, authored by Alan S. Goldberg & Jocelyn F. Gordon containing comprehensive updated charts of telemedicine statutes and funding sources.

Long Term Care Antifraud and Abuse Compliance Program Manual

1st edition, authored by Denis M. King & Alan S. Goldberg, containing an analysis of corporate compliance programs in long term care and including an extensive appendix of relevant federal and state laws, regulations and advisories relevant to antifraud and abuse.

A Glossary of Health Care Terms, published in May 1999, contains definitions of important health care terms and provides useful information to those endeavoring to understand the often confusing language used in connection with the delivery of health care today. The newly published fourth edition contains additional information relative to the delivery of health care via telemedicine and reflects the many changes in health care today. For more information, go to Glossary.

Copies of the entire Glossary printed booklet are available by sending a request to the Webmaster.
State University of New York at Buffalo Medical School & Law School Telemedicine Seminar
Download these file in Adobe(R) Acrobat(R) PDF file format - (download will take several moments)
The Y2K Act
and
Year 2000 Information and Readiness Disclosure Act
How to Build a Telemedicine Program
Sponsored by Fletcher Allen Health Care in Alliance with the University of Vermont - For further information about purchasing a CD-ROM containing program excerpts, go to:
Fletcher Allen Health Care Telemedicine Program

Top

Top

Top

Copyright © 2008, Alan S. Goldberg All Rights Reserved