On July 1, 2021, the California Department of Public Health (“CDPH”) issued new regulations[1] (the “Regulations”) effective immediately that more narrowly limit the circumstances under which instances of unauthorized access to medical information have to be reported to CDPH.  The new regulations also give CDPH more discretion to adjust penalties for violations.  The Regulations complement Section 1280.15 of the Health and Safety Code (“Section 1280.15”) requiring state-licensed clinics, health facilities, home health agencies, and hospices to prevent any unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information, and to report any unauthorized access, use or disclosure to the Department no later than fifteen (15) business days after the breach was detected.
Continue Reading California Issues New Health Facility Breach Reporting Requirements

As mentioned in our November 25, 2000 Healthcare Law Blog article, “Big Changes for Health Care Fraud and Abuse: HHS Gifts Providers Updates to the Stark Law and the AKS, Just in Time for the Holidays,” the Centers for Medicare & Medicaid Services (CMS) published a final rule (“Final Rule”) on December 2, 2020 making significant changes to the regulatory framework implementing the federal physician self-referral prohibition (the “Stark Law”), 42 C.F.R. 411.351 et seq.
Continue Reading Critical Analysis and Practical Implications of CMS’ Changes to the Stark Law’s Implementing Regulations