Anna Durand Kraus has a multi-disciplinary practice advising clients on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (HHS) gives her broad experience with, and valuable insight into, the programs and issues within the purview of HHS, including Medicare, Medicaid, fraud and abuse, and health information privacy. Ms. Kraus regularly advises clients on Medicare reimbursement matters, the Medicaid Drug Rebate program, health information privacy issues (including under HIPAA and the HITECH Act), and the challenges and opportunities presented by the Affordable Care Act.

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health

Healthcare providers, health plans, and other entities are increasingly utilizing cloud services to collect, aggregate, store and process data.  A recent report by IDC Health Insights suggests that 80 percent of healthcare data is expected to pass through the cloud by 2020.  As a substantial amount of healthcare data comprises “personal information” or “protected health information” (PHI), federal and state privacy and security laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, raise significant questions for healthcare providers and health plans utilizing the cloud in connection with such data.  Such questions include whether HIPAA requirements extend to cloud providers, whether and how entities storing health data in the cloud will be notified in case of a breach, and whether storage of data overseas by cloud providers triggers any additional obligations or concerns.
Continue Reading Moving to the Cloud: Some Key Considerations for Healthcare Entities

While Covington eHealth is a new publication, lawyers at Covington & Burling LLP have been writing on topics related to eHealth for many years, including on other Covington blogs. Below is a selection of eHealth-related articles posted to other Covington blogs in the first half of 2014. We encourage you to visit our other sites (including InsideMedicalDevices, InsidePrivacy, InsideEULifeSciences and InsideTechMedia) for a fuller selection of past Covington posts on eHealth topics.

Prior eHealth posts from other Covington blogs in 2014 include:
Continue Reading Welcome to Covington eHealth

In its Annual Report to Congress on Breaches of Unsecured Protected Health Information, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reports on both large and small breaches of protected health information (PHI), as well as breach-related settlement agreements and audits.  The Office also recommends steps that covered entities should take to reduce the likelihood of breaches, including having thorough risk analysis and risk management plans, encrypting PHI stored on portable electronic devices, and ensuring that employees are properly trained on privacy and security policies.
Continue Reading HHS Report Details Breaches of PHI, Makes Recommendations

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently released two annual reports regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and provisions enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act.  The reports indicate that HIPAA-related complaints continue to grow annually; however, OCR intends to focus its compliance efforts on “high-impact” cases unless it obtains additional funding.  Additionally, the reports suggest that OCR is increasingly willing to impose significant penalties and seek large monetary settlements for HIPAA violations.  Below we discuss the Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance, and in a separate post we address the annual report dealing with breaches.
Continue Reading HHS Report Highlights HIPAA Privacy, Security, and Breach Notification Compliance Trends

Health care providers and other entities face a host of legal and practical challenges as they implement telehealth and telemedicine initiatives.

For example, providers of telehealth services, and the entities creating or hosting telehealth platforms, must determine which federal and state privacy and security laws apply to them.  These laws, such as the federal Health Insurance Portability and Accountability Act (HIPAA), may impose privacy and security restrictions, as well as restrictions on the use of data for marketing.  Additional privacy and security complications may arise if providers choose to store data from telehealth encounters on the “cloud.”
Continue Reading Legal and Practical Challenges Surround Telehealth Implementation

In recent weeks, two sets of stakeholders have urged the Office of Management and Budget (OMB) to release the Food and Drug Administration’s (FDA) proposed rule on e-labeling, “Electronic Distribution of Prescribing Information of Human Prescription Drugs,” 0910-AG18.  On January 22, 2014, the Biotechnology Industry Organization issued a letter urging OMB and FDA to issue