[ Wednesday, April 14, 2021 ]



Note: On April 14, 2001, the first bit of HIPAA regulation, the HIPAA Privacy Rule, became effective.  It was not enforceable for 2 more years, and was followed by the Security Rule, HITECH, the Breach Notification Rule, etc., but the “s*#t got real” 20 years ago today (I started this blog on March 8, 2002).  And so, today begins a series of 20 big blog posts celebrating and explaining 20 big ideas, facts, stories, or peculiarities about HIPAA.  It’s an opportunity for me to pull back and highlight some major themes and lessons I’ve learned playing in this space for the last 21 years.

Chapter 1: “Who is that behind those Foster Grants (with the huge stack copies of the Federal Register)?”

 Health Law is an odd legal specialty.  It’s currently in pretty hot demand; I get calls and emails from headhunters almost daily, and every law firm thinks they need a health law practice to really be “full service.”  But the problem is that nobody really knows what a health lawyer is.  Non-lawyers think it’s medical malpractice, but that’s not it at all.  Really, it’s a regulatory and corporate practice that guides participants in the healthcare industry through the legal requirements governing their daily operations.

 Other than nuclear energy, healthcare is the most highly-regulated industry in America.  It involves public health and safety, so there’s always going to be a lot of governmental regulation.  Licensure laws, FDA rules, and other restrictions, guidelines, and requirements for specific procedures are examples of the health-and-safety aspect.  It’s also a business where the buyers of the service are at an extreme disadvantage to the sellers, in terms on knowledge and power, which is another fact that begs for governmental restrictions.  And finally (and most importantly), like Space, it’s one of the few industries where the government is the primary payor; when the government buys a lot of your goods and services, you can bet you’re going to see a lot of government oversight.  You have plenty of rules about who can participate in Medicare and Medicaid, what services are paid for, and exactly how and where they must be performed to be reimbursed, in law, regulations, multiple types of Medicare/Medicaid manuals, not to mention case law interpreting what it all means.  But in fact, the regulations the federal government puts in place to ensure that its money isn’t wasted, such as the “Stark” Law and the federal Anti-Kickback Statute, are the primary source of work for health lawyers.

 Ultimately, this makes being a health lawyer really hard – the laws, regulations, and manuals, at the federal, state and local level, are too much for any one person to know.  The body of knowledge is not just broad (across corporate, employment, tax, administrative, contract, benefits, real estate, environmental, and intellectual property law and more), it’s deep.  One guy can’t do it, you need a team, and you need specialization.

 We’ve always had a group practicing health law here at Jackson Walker; it’s never been a one-man show.  We have to do it that way to cover all of health law: amongst the half-dozen or so of us in the core group, we all know a little about most things (the broad), but we designate one person to be the expert in each area (the deep).  While we all know a little about everything (and a lot about Stark/AKS and general corporate and M&A), Jed is our big brain on Stark and AKS; Jed and I do a lot of radiology and optometry work; Virginia knows telemedicine and EMTALA; Mary Emma has managed care contracting, Barron is the go-to for healthcare-related real estate matters and the fertility business; the list isn’t exhaustive, but you get the idea.  And we are also a group that is in constant contact with each other; we have always been spread across multiple offices, which necessitates regularly meeting up to make sure we are all on the same page and are all aware of the latest and greatest changes in the industry, law, or regulations.  Thus, we have monthly practice group meetings to trade stories and updates, usually at lunch on the 3rd Thursday of the month.

 And so it came to pass, that a new area of health law developed, with the passage of HIPAA.  The law was passed in 1996 (more to come on the history, by the way), but the first cuts of the Privacy Rule and Security Rule weren’t published until 1999 and early 2000.  By the middle of 2000, Dan Hayes, leader of the Jackson Walker health law section, realized that someone needed to be the “deep” expert on HIPAA amongst our group.  And the June meeting was when someone would have to step up and agree to take the deep dive.

 As it turns out, I had a family vacation scheduled for the 4th week of June, with my brother’s family from the Mobile area.  Our Destin rental was Saturday – Friday, but our plan was to leave Dallas Thursday, drive to Mississippi and stay the night, drive to Fairhope and spend Friday night at my brother’s place, then drive to Destin on Saturday.  Which meant I was going to miss the Thursday health section meeting.  (Cue dramatic music)

 Somewhere in Louisiana, on the third Thursday of June, 2000, at about 1:00 pm, my cell phone rang.  It was Dan Hayes calling to let me know that the practice group call had just ended, and that I had volunteered to become the HIPAA guru.  I was plenty busy, had half of the non-profit and bond “expertise” for the group, as well as a radiology subspecialty, so felt like I had plenty of “expert” portfolios already.  But Dan can be convincing, so I agreed.

 However, I told Dan that I was not going to be able to start digging into the new regulations right away; I was heading to the beach.  “No problem,” Dan said, “I’ll FedEx the current drafts of the regulations to you.“  Mind you, the internet hadn’t reached the point that you could read the Federal Register online, PDF formats were around but couldn’t be marked up, and most legal research still involved hard copy books. 

 So if you happened to be at the Sandestin Resort in late June, 2000, you might have been witness to a true visual treat: there’s nothing sexier than a fat, very pale, redheaded Irishman sitting on a recliner on the beach, purusing hundreds of pages of printouts of federal regulations.  Chick magnet, for sure.  That was the beginning of an obsession for a convoluted but ultimately salutary hunk of regulatory machinery, and thousands of hours and millions of dollars later, I’m still at it.

 Between my first deep dive into the regs through the founding of this blog, I did develop a real appreciation for the delicate efficiency of the HIPAA regulations: we want our health information to be private and confidential, but privacy can get in the way of good healthcare; we want privacy but we are social animals, and the first thing you ask someone you meet is usually a health-related question (“How are you?”); we think of a “right to privacy” but that’s not a Constitutional concept; we are naturally free-marketers and properly resist regulations if the market can provide a solution; inventing a workable regulatory scheme that balances all of these competing interests is actually quite an accomplishment.  I’m not sure that it was design or accident, but the more I work with it, but more of a fan I become.

 Anyway, I’ll address a lot more of these items in the coming days; there are 19 more posts coming!


Jeff [5:36 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template