Anna D. Kraus

Anna D. Kraus

Anna Durand Kraus has a multi-disciplinary practice advising clients on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (HHS) gives her broad experience with, and valuable insight into, the programs and issues within the purview of HHS, including Medicare, Medicaid, fraud and abuse, and health information privacy. Ms. Kraus regularly advises clients on Medicare reimbursement matters, the Medicaid Drug Rebate program, health information privacy issues (including under HIPAA and the HITECH Act), and the challenges and opportunities presented by the Affordable Care Act.

Subscribe to all posts by Anna D. Kraus

FTC to Consider Changes to the Health Breach Notification Rule

On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”).  The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes in the economy, technology, and … Continue Reading

HHS Announces Enforcement Discretion Over the Implementation of Interoperability Final Rules Due to COVID-19 Public Health Emergency

On April 21, 2020, the Department of Health and Human Services (“HHS”) announced that, as a response to the COVID-19 public health emergency, it will exercise enforcement discretion to “permit compliance flexibilities” regarding the implementation of the interoperability final rules issued on March 9th, 2020.  This joint announcement was made by the Office of the … Continue Reading

HHS Relaxes HIPAA Enforcement for Certain Covered Entities and Business Associates Regarding Their Participation in COVID-19 Community-Based Testing Sites

On April 9, 2020, U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding certain covered entities and business associates who choose to participate in the operation of a Community-Based Testing Site (“CBTS”) during the COVID-19 nationwide public health emergency. The Notification relaxes HHS’s enforcement of certain provisions … Continue Reading

OCR Alert Warns Covered Entities and Business Associates of Potential PHI Scam

On April 3, 2020, the Department of Health and Human Services Office for Civil Rights (“OCR”) released an alert warning covered entities and business associates of an individual posing as an OCR Investigator to obtain protected health information. According to the alert, “[t]he individual identifies themselves as an OCR Investigator on the telephone, but does … Continue Reading

HHS Seeks to Facilitate Certain Uses and Disclosures of Health Data to Public Health and Health Oversight Agencies Amidst COVID-19 Nationwide Public Health Emergency

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight … Continue Reading

HHS Relaxes Enforcement of Certain HIPAA Provisions Amidst COVID-19 Nationwide Public Health Emergency

This month, the U.S. Department of Health and Human Services (“HHS”) issued guidance waiving enforcement of certain provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) in response to the COVID-19 nationwide public health emergency. Covered Health Care Providers On March 17, 2020, the Department of Health and Human Services Office for Civil Rights … Continue Reading

HHS Finalizes Interoperability Rules

On March 9, 2020, the Department of Health and Human Services (HHS) issued two final rules aimed at improving patient access to electronic health information (EHI), as well as the standardization of modes of exchange for EHI.  The rules, which were issued by the Office of the National Coordinator for Health Information Technology (ONC) and … Continue Reading

EHR Vendor Admits to Soliciting and Receiving Kickbacks in Exchange for Promoting Prescription Opioids

Practice Fusion, Inc. (Practice Fusion), an electronic health record (EHR) vendor acquired by Allscripts in 2018, recently agreed to pay $145 million to resolve criminal and civil investigations related to an illegal kickback arrangement with a major opioid company. The settlement included $26 million in criminal fines and forfeiture to resolve two felony charges related … Continue Reading

Senators Introduce Legislation to Regulate Privacy and Security of Wearable Health Devices and Genetic Testing Kits

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health data or … Continue Reading

Moving to the Cloud: Some Key Considerations for Healthcare Entities

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health … Continue Reading

Welcome to Covington eHealth

While Covington eHealth is a new publication, lawyers at Covington & Burling LLP have been writing on topics related to eHealth for many years, including on other Covington blogs. Below is a selection of eHealth-related articles posted to other Covington blogs in the first half of 2014. We encourage you to visit our other sites … Continue Reading

HHS Report Details Breaches of PHI, Makes Recommendations

In its Annual Report to Congress on Breaches of Unsecured Protective Health Information, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reports on both large and small breaches of protected health information (PHI), as well as breach-related settlement agreements and audits.  The Office also recommends steps that covered entities should … Continue Reading

HHS Report Highlights HIPAA Privacy, Security, and Breach Notification Compliance Trends

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently released two annual reports regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and provisions enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The reports indicate that HIPAA-related complaints continue to grow annually; however, … Continue Reading

Legal and Practical Challenges Surround Telehealth Implementation

Health care providers and other entities face a host of legal and practical challenges as they implement telehealth and telemedicine initiatives. For example, providers of telehealth services, and the entities creating or hosting telehealth platforms, must determine which federal and state privacy and security laws apply to them.  These laws, such as the federal Health … Continue Reading

Lawmakers and Biotechnology Industry Organization Press OMB to Release E-Labeling Rules

In recent weeks, two sets of stakeholders have urged the Office of Management and Budget (OMB) to release the Food and Drug Administration’s (FDA) proposed rule on e-labeling, “Electronic Distribution of Prescribing Information of Human Prescription Drugs,” 0910-AG18.  On January 22, 2014, the Biotechnology Industry Organization issued a letter urging OMB and FDA to issue … Continue Reading
LexBlog