[ Wednesday, April 14, 2021 ]
Note: On April 14, 2001, the first bit of HIPAA regulation,
the HIPAA Privacy Rule, became effective.
It was not enforceable for 2 more years, and was followed by the
Security Rule, HITECH, the Breach Notification Rule, etc., but the “s*#t got
real” 20 years ago today (I started this blog on March 8, 2002). And so, today begins a series of 20 big blog
posts celebrating and explaining 20 big ideas, facts, stories, or peculiarities
about HIPAA. It’s an opportunity for me
to pull back and highlight some major themes and lessons I’ve learned playing
in this space for the last 21 years.
Chapter 1: “Who is that behind those Foster Grants (with the
huge stack copies of the Federal Register)?”
Health Law is an odd legal specialty. It’s currently in pretty hot demand; I get
calls and emails from headhunters almost daily, and every law firm thinks they
need a health law practice to really be “full service.” But the problem is that nobody really knows
what a health lawyer is. Non-lawyers
think it’s medical malpractice, but that’s not it at all. Really, it’s a regulatory and corporate
practice that guides participants in the healthcare industry through the legal
requirements governing their daily operations.
Other than nuclear energy, healthcare is the most highly-regulated
industry in America. It involves public
health and safety, so there’s always going to be a lot of governmental
regulation. Licensure laws, FDA rules,
and other restrictions, guidelines, and requirements for specific procedures
are examples of the health-and-safety aspect.
It’s also a business where the buyers of the service are at an extreme
disadvantage to the sellers, in terms on knowledge and power, which is another
fact that begs for governmental restrictions.
And finally (and most importantly), like Space, it’s one of the few
industries where the government is the primary payor; when the government buys
a lot of your goods and services, you can bet you’re going to see a lot of
government oversight. You have plenty of
rules about who can participate in Medicare and Medicaid, what services are
paid for, and exactly how and where they must be performed to be reimbursed, in
law, regulations, multiple types of Medicare/Medicaid manuals, not to mention
case law interpreting what it all means.
But in fact, the regulations the federal government puts in place to
ensure that its money isn’t wasted, such as the “Stark” Law and the federal
Anti-Kickback Statute, are the primary source of work for health lawyers.
Ultimately, this makes being a health lawyer really hard –
the laws, regulations, and manuals, at the federal, state and local level, are
too much for any one person to know. The
body of knowledge is not just broad (across corporate, employment, tax,
administrative, contract, benefits, real estate, environmental, and
intellectual property law and more), it’s deep.
One guy can’t do it, you need a team, and you need specialization.
We’ve always had a group practicing health law here at
Jackson Walker; it’s never been a one-man show.
We have to do it that way to cover all of health law: amongst the
half-dozen or so of us in the core group, we all know a little about most
things (the broad), but we designate one person to be the expert in each area
(the deep). While we all know a little
about everything (and a lot about Stark/AKS and general corporate and M&A),
Jed is our big brain on Stark and AKS; Jed and I do a lot of radiology and
optometry work; Virginia knows telemedicine and EMTALA; Mary Emma has managed
care contracting, Barron is the go-to for healthcare-related real estate
matters and the fertility business; the list isn’t exhaustive, but you get the
idea. And we are also a group that is in
constant contact with each other; we have always been spread across multiple
offices, which necessitates regularly meeting up to make sure we are all on the
same page and are all aware of the latest and greatest changes in the industry,
law, or regulations. Thus, we have
monthly practice group meetings to trade stories and updates, usually at lunch
on the 3rd Thursday of the month.
And so it came to pass, that a new area of health law
developed, with the passage of HIPAA.
The law was passed in 1996 (more to come on the history, by the way),
but the first cuts of the Privacy Rule and Security Rule weren’t published
until 1999 and early 2000. By the middle
of 2000, Dan Hayes, leader of the Jackson Walker health law section, realized
that someone needed to be the “deep” expert on HIPAA amongst our group. And the June meeting was when someone would
have to step up and agree to take the deep dive.
As it turns out, I had a family vacation scheduled for the 4th
week of June, with my brother’s family from the Mobile area. Our Destin rental was Saturday – Friday, but
our plan was to leave Dallas Thursday, drive to Mississippi and stay the night,
drive to Fairhope and spend Friday night at my brother’s place, then drive to
Destin on Saturday. Which meant I was
going to miss the Thursday health section meeting. (Cue dramatic music)
Somewhere in Louisiana, on the third Thursday of June, 2000,
at about 1:00 pm, my cell phone rang. It
was Dan Hayes calling to let me know that the practice group call had just
ended, and that I had volunteered to become the HIPAA guru. I was plenty busy, had half of the non-profit
and bond “expertise” for the group, as well as a radiology subspecialty, so
felt like I had plenty of “expert” portfolios already. But Dan can be convincing, so I agreed.
However, I told Dan that I was not going to be able to start
digging into the new regulations right away; I was heading to the beach. “No problem,” Dan said, “I’ll FedEx the
current drafts of the regulations to you.“
Mind you, the internet hadn’t reached the point that you could read the
Federal Register online, PDF formats were around but couldn’t be marked up, and
most legal research still involved hard copy books.
So if you happened to be at the Sandestin Resort in late
June, 2000, you might have been witness to a true visual treat: there’s nothing
sexier than a fat, very pale, redheaded Irishman sitting on a recliner on the
beach, purusing hundreds of pages of printouts of federal regulations. Chick magnet, for sure. That was the beginning of an obsession for a
convoluted but ultimately salutary hunk of regulatory machinery, and thousands
of hours and millions of dollars later, I’m still at it.
Between my first deep dive into the regs through the
founding of this blog, I did develop a real appreciation for the delicate
efficiency of the HIPAA regulations: we want our health information to be
private and confidential, but privacy can get in the way of good healthcare; we
want privacy but we are social animals, and the first thing you ask someone you
meet is usually a health-related question (“How are you?”); we think of a
“right to privacy” but that’s not a Constitutional concept; we are naturally
free-marketers and properly resist regulations if the market can provide a
solution; inventing a workable regulatory scheme that balances all of these
competing interests is actually quite an accomplishment. I’m not sure that it was design or accident,
but the more I work with it, but more of a fan I become.
Anyway, I’ll address a lot more of these items in the coming
days; there are 19 more posts coming!
Jeff [5:36 PM]
Blogger: HIPAA Blog - Edit your Template