Tag Archive for: healthcare law

GDPR in America: Businesses react to newly enforced EU Privacy Law

In this article, Oklahoma City healthcare attorney Mary Holloway Richard discusses GDPR, a newly enforced EU privacy law, and what it means for businesses in America.

Q: What is the General Data Protection Regulation (GDPR)?

A: It’s a law regulating data protection and privacy for all individuals within the European Union (EU). It gives control to individuals over their personally identifiable information. It both standardizes the requirements throughout the EU and bolsters protections available to individuals amid well-publicized, costly data breaches in Europe. It’s a regulation rather than a directive, which means national governments within the EU don’t have to pass enabling legislation for these requirements to be effective. Rather, the regulation is directly binding on the members of the EU. The spirit of the General Data Protection Regulation also is embodied in recent legislation in the United Kingdom, providing consistency across Europe even though the U.K. withdrew from the EU effective in March. The regulation, passed two years ago, became effective May 22. Because of the length of time between passage and enforcement, there’s no transitional or grace period before compliance is required.

Q: How is this relevant to American businesses?

A: In certain circumstances, the GDPR also applies to organizations and other businesses based outside of the EU if they collect and/or process personally identifiable information located within the EU. For example, U.S. companies offering a website to market their products or services to individuals within the European Community or scientific concerns actively engaged in recruiting individuals within the European Community to be subjects in clinical trials are required to comply. It’s important for such commercial concerns to act quickly to determine if they are covered by the General Data Protection Regulation as processors of data or collectors of such data from individuals within the EU. Concerned about the potential burden of compliance on foreign businesses, some international websites have taken steps to block EU users on the effective date, thereby removing the need to comply and ensuring against potential liability under the regulation. USA Today’s international website redirected users to simplified sites limited in scope. Other U.S. newspapers with European editions made them temporarily unavailable to readers in the EU. In another example of responses by U.S. companies, Instapaper, a read-it-later app, temporarily shut off access to European users to allow sufficient time for compliance.

Q: What type of data is protected by the General Data Protection Regulation and how’s it protected?

A: Personally identifiable information is anything that allows a living person to be identified directly or indirectly. Such data elements include name, email and home addresses, medical information, bank or other financial information, computer IP address and photos. A data processing officer must be appointed by businesses involved in processing or collecting data who is similar to a compliance officer with special information technology proficiency in managing and securing personal and sensitive data as well as a local representative for the company. Individuals have the right to the portability (access) of their stored data, erasure of data in certain circumstances, the right to file complaints with the data processing authority and the right to contract automated decision-making made on a solely algorithmic basis. Data breaches must be reported in a manner similar to the Health Information Portability and Accountability Act of 1996 and its amendments (HIPAA).

Q: You mentioned HIPAA. Is informed consent required for American businesses engaged in business in Europe similar to that required for HIPAA?

A: Personally identifiable information may be lawfully processed under the General Data Protection Regulation with informed consent or with a legal basis for doing so which ranges from legitimate interests of the entity collecting the data or a third party performing a task under official authority in the public’s interest, in compliance with the controller’s legal obligation, in fulfillment of a contract with a data subject, and to protect vital interests of a data subject or another person. There are some similarities to the HIPAA informed consent and the various exceptions to the consent requirement including the requirements of clarity and the opportunity to withdraw consent. As with HIPAA, individuals must be apprised of their privacy rights and their ability to withdraw consent at any time under the General Data Protection Regulation.

Q: Are there exceptions or limitations to an individual’s right of access to information?

A: Limitations to disclosure and the individual’s right of access to protected data exist for overriding interests such as national security. Further, in recognition of the importance of providing health care across country boundaries and clinical research to fight disease, the General Data Protection Regulation doesn’t apply to statistical and scientific analyses. A recognition of the need to maintain the integrity of clinical research resulted in the limitation of the erasure right of the individual. The strengthened data protections of the General Data Protection Regulation are limited in the face of requirements of good science although companies engaging in clinical research, including patient recruitment in the EU, will need to evaluate their data compliance plans considering the requirements of the newly enforced law. In addition, the General Data Protection Regulation doesn’t apply to data related to employer-employee relationships.

Published: 7/20/18;

/by
, ,

Oklahoma Medicaid plans offer solution for high cost of prescription drugs

In this article, Oklahoma City healthcare attorney Mary Holloway Richard discusses steps Oklahoma has taken to lower prescription drug costs for consumers.

Q: Oklahoma recently has been recognized by Secretary Alex Azar, of the U.S. Department of Health and Human Services, for innovations in its Medicaid prescription drug program designed to lower drug costs to the state. How was the state able to accomplish this feat?

A: Medicaid is a federal program that’s administered by the states. In Oklahoma, it’s administered by the Oklahoma Health Care Authority. So, while the state receives some federal funding, a good portion of Medicaid funds are supplied by the state. In order to reduce costs related to prescription drugs, Oklahoma applied to the Centers for Medicare & Medicaid Services (CMS) and was granted an amendment to the Oklahoma State Plan that facilitates prescription drug cost savings. The plan links the payment of a drug to its effectiveness and outcomes. This is essentially what we refer to as “value-based” prescription drug purchasing. CMS reports that “(t)he state plan amendment proposal submitted by Oklahoma will be the first state plan amendment permitting a state to pursue CMS-authorized supplemental rebate agreements involving value-based purchasing arrangements with drug manufacturers.” This program is part of the Trump administration’s “American Patients First” blueprint, designed to address rising drug prices.

Q: How will the amendment work in Oklahoma?

A: The amendment to the state plan, as approved by CMS, now allows Oklahoma to negotiate and enter into valued-based contracts with drug manufacturers. This means that, through identifying the most effective medications, the state can tailor its negotiations with manufacturers to drugs that have demonstrated the most success in treating patients, thereby achieving cost savings and efficiencies in treatment. Negotiating value-based contracts will supplement Oklahoma’s ability to control drug prices under its current participation in the Sovereign States Drug Consortium. The Consortium negotiates supplemental rebates on behalf of states. Oklahoma is free to accept or reject rebate offers.

Q: Are there other cost saving initiatives related to decreasing prescription drug costs?

A: Currently, certain drugs have a preferred status if they’re listed on the Medicaid State Supplemental Rebate Agreement. Almost every state Medicaid plan, including Oklahoma’s, gives the state the authority to negotiate supplemental rebate agreements with drug manufacturers. These agreements allow for rebates to be given to the state by manufacturers as least as large as those provided in the Medicaid national drug rebate agreement. Importantly, two other parts of the Trump administration’s plan to decrease drug costs include giving Medicare insurance plans greater ability to negotiate for the Medicare Program (Part B and prescription drugs) and to make drug prices transparent for consumers. The latter part of the president’s plan would require drugmakers to disclose list prices in public advertising.

 

Published: 7/10/18; by Paula Burkes
Original article: https://newsok.com/article/5600913/oklahoma-medicaid-plans-offer-solution-for-costly-prescription-drugs

/by