On October 28th, the Federal Bureau of Investigation, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency alerted hospital administrators and security researchers about a “credible threat” of cyberattacks to American hospitals.  Four hundred American hospitals are being targeted in cyberattacks by the same Russian hackers whom American officials and researchers fear sought to cause problems with the presidential election.[1] The ubiquitous integration of medical devices throughout the hospital network environment provides a potential portal for cyberattacks by these and other criminals, which risk is increased during a pandemic. Hospital systems should consider cyberattacks on medical devices as a serious and evolving threat, and consult with legal counsel, insurance advisors and other experts to plan how to mitigate this threat going forward.

The Problem with Medical Devices

The problem with medical devices lies in their interconnectivity with the hospital’s information technology networks (“ITN”), which exposes the hospital’s ITN to vulnerabilities that exist in the medical device and its software. Presently, medical devices are deployed to fully leverage its connectivity to seamlessly integrate with the hospital’s ITN. Exacerbating the level of risk exposure is the exponential growth in the use of medical devices within the hospital. It is estimated that there are 10 to 15 million medical devices used in hospitals throughout the United States. On average, there are approximately 10 to 15 medical devices per bed.[2] The use of these medical devices and their linkage with the ITN of the hospital has transformed the delivery of health care, and improved patient safety and patient care. Connected medical devices are vital to care. They facilitate the collection and maintenance of important health data, provide greater patient mobility and independence, and facilitate care.

What is a Medical Device?

A medical device is defined by the Food and Drug Administration as:

  • an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including a component part or accessory which is:
    • recognized in the official National Formulary, or the United States Pharmacopoeia, or any supplement to them;
    • intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man or other animals; or
    • intended to affect the structure or any function of the body of man or other animals, and which does not achieve its primary intended purposes through chemical action within or on the body of man or other animals and which is not dependent upon being metabolized for the achievement of any of its primary intended purposes.”[3] (Emphasis added)

 

In short, a medical devices is a device that is intended to diagnose, cure, mitigate, treat, or prevent a disease in man or other animals.

Why are Medical Devices Particularly Vulnerable to Cyberattack?

Many medical devices were designed for stand-alone use, and not to be utilized in a connected environment. They were created to be unidirectional. Many were manufactured to be used right out of the box. Therefore, they were not intended to be protected from cyberattacks. In addition, the medical devices may contain outdated operating system or software. Also, they may lack timely software updates or patches. All of these weakness create a fertile environment for experienced hackers.

Who Would Want to Perpetrate a Cyberattack upon a Hospital, and Why?

The question then arises, who would want to infiltrate a hospital’s ITN? What would be their motives? There are a number of cyber-players who may wish to breach the hospital’s ITN. They include, but are not limited to the following: criminals, nation-state attackers, and hackers furthering a political or social cause. Most of the cyber-players who target hospitals have a financial motivation, such as to extort money for holding a hospital’s ITN hostage. Some wish to sell or use patient information for their own financial gain. Other cyber-players solely seek to disrupt the hospital and cause chaos to further their nation’s interests or to make a statement.

What Harm can a Cyberattack cause to a Hospital?

A cyberattack can result in an array of adverse consequences for the hospital. The following are some examples of the harm that a cyberattack could cause:

  • The attack could result in disruptions in patient care;
  • The attack could distort the reliability of the information that the hospital relies upon for care;
  • The attack could cause a loss and/or theft of patient information; and
  • The attack could paralyze the use of the hospital’s ITN.

Why are Hospitals More Vulnerable During this Time of COVID?

The COVID-19 pandemic has created the perfect opportunity for cyber attackers to exploit the vulnerabilities existent with some connected medical devices. In April, Interpol issued an alert warning that, since the beginning of the pandemic, it noticed a significant upsurge in detected cyberattacks on health systems.[4] This threat is aggravated by health care providers having an increased need for both medical devices and temporary external hospital facilities during the pandemic.

What Preventive Measures can a Hospital Undertake? What Potential Barriers Confront the Hospital in Implementing Such Measures?

The hospital should consider the following preventive measures:

  • Maintain a current inventory of the types of connected medical devices and where they are located within the facility;
  • Identify areas of vulnerability;
  • Isolate the systems that connect to medical devices;
  • Create additional local and segregated networks, as needed; and
  • Stress-test the connected medical devices.

Cost is a major barrier to some of these measures. Additionally, the existing capacity of the hospital’s ITN may also serve as a barrier.

In the final analysis, there is no risk-free cyber environment. The hospital must determine its risk appetite in consideration of the benefits offered by connecting medical devices to its ITN with its inherent vulnerabilities.  Hospitals should also consult regularly with their legal counsel, insurance advisors and experts to plan for and address the risks associated with their ITN, including those related to the use of medical devices.

Please do not hesitate to contact us to discuss how your hospital or health system can better prepare for the liability that can arise from cyberattacks.

[1]New York Times, Officials Warn of Cyberattacks on Hospitals as Virus Cases Spike, October 28, 2020, https://www.nytimes.com/2020/10/28/us/hospitals-cyberattacks-coronavirus.html

[2] IBM Institute for Business Value, Treating Healthcare Cybersecurity Woes, https://www.ibm.com/thought-leadership/institute-business-value/report/medical-device-security

[3]  FDA Medical Device Overview, https://www.fda.gov/industry/regulated-products/medical-device-overview

[4] Medtechdive, Coronavirus chaos ripe for hackers to exploit medical device vulnerabilities, April 8, 2020, https://www.medtechdive.com/news/coronavirus-chaos-ripe-for-hackers-to-exploit-medical-device-vulnerabilitie/575717/

 

An additional $20 billion in “Provider Relief Funds” is being made available pursuant to the Coronavirus Aid, Relief, and Economic Security (CARES) Act through a “Phase 3” General Distribution. However, time is running out for health care providers to apply to the U.S. Department of Health and Human Services for these funds. The application deadline for what may be the final round of relief funds is November 6 at 11:59 pm ET.

Who Can Apply?

Phase 3 of the General Distribution allows health care providers who did not begin operation until after January 1, 2020 to apply for funds and allows health care providers who have already received payments equaling 2% of patient revenue to receive additional funds.

On October 22, HHS announced that additional providers, such as residential treatment facilities, chiropractors, and eye and vision providers that have not yet received Provider Relief Fund distributions, are also eligible to receive funds from this last distribution.

When Will Distributions Be Made?

HHS intends to issue Phase 3 – General Distribution payments as soon as practical following the November 6, application deadline. Entities that have not yet received 2% of annual revenue from patient care will be first to receive funds from the Phase 3 General Distribution.

The Phase 3 final payment amounts for applicants that have already received payments equaling 2% of annual patient care revenue will be determined once all applications have been received and reviewed.

How Will HHS Calculate 2% of Annual Revenue for Providers in Operation Less Than a Year?

Providers that began providing patient care in 2020 will be paid approximately 2% of patient care revenue based on the applicant’s reported financial information for those months in 2020 that they were in operation.

HHS has also stated that it may consider data from the same type of provider as the applicant when assessing the amount to be paid. However, no additional details have been provided at this time regarding how that assessment of similar providers will be utilized to assess funds to be received.

How Will Distributions Over 2% Of Annual Revenue Be Calculated?

The Phase 3 General Distributions will also take into account the financial impact of COVID-19 on individual providers and assess whether additional funds should be distributed to certain providers. The actual additional amount to be received will depend in part on the CARES Act funds available after the Phase 3 General Distribution to those that have not yet received an amount equivalent to 2% of annual revenue.

In assessing whether to award a provider additional funds over the 2% annual revenue amount, HHS will consider: (1) a provider’s change in operating revenue from patient care; (2) a provider’s change in operating expenses from patient care, including coronavirus expenses, and (3) payments received by the provider as part of previous Targeted Distributions.

Additional Considerations

  • Providers that are newly eligible for receipt of funds, such as those that did not operate until after January 1, 2020, should submit their TIN for validation as soon as practical in order to ensure that they can submit an application before the November 6 deadline.
  • Providers that previously submitted applications will need to submit a new application to receive additional funds.
  • Providers must agree to certain Terms and Conditions related to the use of funds.
  • Providers receiving more than $10,000 must meet certain Reporting Requirements. See HHS Sets Reporting Deadlines for CARES Act Provider Relief Funds 

Providers are encouraged to start the application process as soon as possible so as to not miss out on what may be the last general distribution of funds.

On October 2, 2020, Health and Human Services (HHS) Secretary, Alex M. Azar II, announced the renewal of the public health emergency declaration due to the continued consequences of the COVID-19 pandemic. The 90-day renewal is effective October 23, 2020, and extends until January 20, 2021.

The renewal impacts a number of regulatory flexibilities and temporary rules applicable to health care providers including, but not limited to, 1135 Waivers, HIPAA enforcement discretion, and fraud and abuse enforcement discretion – all of which are effective only for the duration of the public health emergency.

  1. 1135 Waivers

Section 1135 of the Social Security Act grants HHS the power to waive and/or modify certain federal healthcare requirements during a federal emergency to (i) ensure individuals enrolled in Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP) have sufficient access to health care items and services and (ii) protect health care providers furnishing such items and services in good faith during emergency conditions against penalties for noncompliance.

Presently, HHS and the Centers for Medicare and Medicaid Services (CMS) have issued numerous “blanket” waivers and state-specific Medicaid waivers in connection with the COVID-19 public health emergency (including waivers related to sanctions under the physician self-referral law (Stark Law) for COVID-19 purposes).

These waivers afford health care providers enhanced flexibility with regard to Medicare telehealth services, waive certain physician hospital privilege requirements/credentialing process requirements, and suspend many reporting requirements.

  1. HIPAA Enforcement Discretion

The HHS Office of Inspector General (OIG) has issued various guidance providing for OIG enforcement discretion with regard to certain provisions of HIPAA (e.g., privacy, security, and breach notification rules) as it relates to permissible telehealth practices, business associates making disclosures for public health purposes, and community-based testing sites (CBTSs).

Note that in conjunction with the relaxation of certain federal HIPAA privacy and security rules during the public health emergency, health care providers should continue to be cognizant of compliance with other applicable state privacy laws to the extent they are still in effect.

  1. Fraud and Abuse Enforcement Discretion

In connection with applicable HHS waivers, the HHS Office of Inspector General (OIG) has issued guidance relaxing the imposition of administrative sanctions under the Anti-Kickback Statute and Stark Law for certain COVID-19 response activities (see also this OIG Policy Statement regarding physicians and other practitioners that reduce or waive amounts owed by federal health care program beneficiaries for telehealth services during the public health emergency).

Note that HHS retains the discretion to terminate the public health emergency at any time and is not required and/or obligated to extend the present declaration beyond its January 20, 2021 expiration. Accordingly, health care providers should be mindful of termination, expiration, and renewal timelines applicable to COVID-19 related emergency measures, which could immediately eliminate current regulatory flexibilities (such as the ones discussed herein).

If you have any questions regarding the COVID-19 public health emergency, the regulatory flexibilities and temporary rules applicable to health care providers, or anything related thereto, please do not hesitate to contact us.

In 2016, the Obama Administration issued a regulation implementing Section 1557 of the Affordable Care Act (ACA) (the 2016 Rule), which redefined sex discrimination to include termination of pregnancy and gender identity. Despite efforts by the U.S. Department of Health and Human Services (HHS) to repeal and revise certain provisions of the 2016 Rule through a new Rule, a NY Federal Court issued a preliminary injunction on August 17, 2020 against the new Rule from becoming effective.

Section 1557 of the ACA is a civil rights provision that prohibits discrimination on the basis of race, color, national origin, sex, age, or disability by providers that receive federal funding.

Notably, the 2016 Rule redefined discrimination “on the basis of sex” to include “discrimination on the basis of pregnancy, false pregnancy, termination of pregnancy, or recovery therefrom, childbirth or related medical conditions, sex stereotyping, and gender identity.” The 2016 Rule defines “Gender identity” as “one’s internal sense of gender, which may be male, female, neither, or a combination of male and female.”

Pursuant to a Press Release issued on June 12, 2020, HHS announced it had a finalized a rule (the 2020 Rule) that revised certain provisions of the 2016 Rule. Of note, the 2020 Rule returns “to the government’s interpretation of sex discrimination according to the plain meaning of the word “sex” as male or female and as determined by biology.” The 2020 Rule was to become effective as of August 18, 2020.

On August 17, 2020, the U.S. District Court for the Eastern District of New York issued a preliminary injunction staying the 2020 Rule’s repeal of the definition of “on the basis of sex”, in a case involving two transgender women who filed their suit in an effort to prevent implementation of the 2020 Rule. In the case (Asapansa-Johnson Walker v. Azar), the two women allege health care providers previously discriminated against them based on their transgender status.

In light of the above, health care providers should continue to take proactive steps to implement policies regarding discrimination on the basis of sex (including, but not limited to, gender identity sensitivity).  In addition, health care providers should educate and train physicians and staff on the importance of gender identity sensitivity and preventing discrimination in the workplace.

If you have any questions regarding the above, such as the implementation of effective protocols and policies to prevent workplace discrimination, please do not hesitate to contact us.

The U.S. Food and Drug Administration (FDA) issued a flurry of Press Releases and Alerts from mid-June through the end of July warning consumers and health care professionals not to use certain alcohol-based hand sanitizers due to the dangerous presence of methanol (or wood alcohol), a substance often used to create fuel and antifreeze that can be toxic when absorbed through the skin, and life-threatening when ingested.

The FDA has posted a do-not-use list of such dangerous hand sanitizer products, which is being updated regularly by the agency.  Note that in most cases, methanol does not appear on the product label. 

 Health care providers should frequently confirm that none of their sanitizers are on the list.

Last week, the FDA issued another Press Release regarding the Agency’s effort to prevent certain hand sanitizers from entering the U.S. by placing them on an import alert. In addition, the Press Release noted that the FDA is proactively working with manufacturers to recall products and is actively encouraging retailers to remove products from store shelves and online marketplaces. As part of these actions, the FDA has issued a warning letter to Eskbiochem S.A. de C.V. regarding the distribution of its products with undeclared methanol amounts, misleading claims (including incorrectly stating that the FDA approved these products) and improper manufacturing practices.

The FDA emphasized the importance of frequent hand washing with soap and water for at least 20 seconds and, if soap and water are not readily available, that the Centers for Disease Control and Prevention (CDC) recommends consumers use an alcohol-based hand sanitizer that contains at least 60 percent ethanol (also referred to as ethyl alcohol). The FDA further provided that no drugs, including hand sanitizers, are approved to prevent the spread of COVID-19.

On a related note, the scrutiny of hand sanitizer amid COVID-19 has been further highlighted by a newly filed suit in California federal court against hand sanitizer manufacturer, Vi-Jon Inc. The Complaint alleges that Vi-Jon Inc.’s claim “that its products can kill 99.99% of germs” is false, as there are a number of disease-causing microbes that the products are ineffective against.

If you have any questions regarding the FDA’s do-not-use list or the use of sanitizers, please do not hesitate to contact us.  To subscribe to the Health Care Law Matters Blog, click here.

New guidance issued by the U.S. Department of Justice (DOJ) highlights the importance of updating corporate compliance programs to satisfy regulatory requirements.  The 2020 updates pick up where the 2019 guidance left off in addressing the evaluation metrics for compliance.  The key takeaway for 2020 is that companies are encouraged to update and improve compliance programs with the latest in technology, systems and training.

The three questions considered by the  DOJ in evaluating corporate compliance programs include:

  1. Whether the program is well-designed?
  2. Is the program being applied earnestly and in good faith?
  3. Does the corporation’s compliance program work in practice?

With respect to design, the DOJ focuses on the program’s thoroughness and risk assessment practices based on access to data on operations, as well as the incorporation of “lessons learned” both internally and within the company’s industry.  The 2020 Guidance also suggests that periodic audits should be used to test the effectiveness of the program.

A determination that the program is being applied earnestly and in good faith will require a culture of compliance at all levels of the organization with implementation by all tiers of management.  In addition to requiring that compliance personnel have sufficient access to data, an organization should also demonstrate consistency in its investigations and disciplinary actions.  According to the 2020 Guidance, whether a  compliance program can satisfy the ability to work “in practice” will largely depend on whether the program evolved in a manner that addresses existing and changing compliance risks over time.

To read more about the 2020 Corporate Compliance Guidance, see the article published by attorneys at Fox Rothschild here:  https://www.managedhealthcareexecutive.com/view/doj-issues-important-updates-to-evaluation-of-corporate-compliance-guidance

If you have any further questions regarding your practice’s or facility’s corporate compliance program, please contact us.  To subscribe to the Health Care Law Matters Blog, click here.

Physician working at desk with stethoscope

Dentists are now able to receive funds from the U.S. Department of Health and Human Services’ Provider Relief Fund, as a result of the American Dental Association’s advocacy.

In a press release dated July 17, 2020, the U.S. Department of Health and Human Services (HHS) extended the deadline to apply for the funds to August 3, 2020, “to ensure eligible Medicaid and CHIP programs, including dentists, have the opportunity to apply.” Eligible dental providers can now apply through the Enhanced Provider Relief Fund Payment Portal and receive reimbursement up to 2% of their annual reported patient revenue.

To be eligible, dental providers must not have received payment from the $50 billion in general distributions made to Medicare, Medicaid and CHIP providers, and must meet one of the following criteria:

  • Directly billed (or owns a subsidiary that has directly billed) a state Medicaid or Children’s Health Insurance Program (CHIP) program or a Medicaid managed care plan for healthcare-related services during the period of January 1, 2018 to December 31, 2019.
  • Directly billed (or owns a subsidiary that has directly billed) a health insurance company for oral healthcare-related services.
  • Be a licensed dental service provider who does not accept insurance and has directly billed (or owns a subsidiary that does not accept insurance and has directly billed) patients for oral healthcare-related services.

In addition, the dental provider must have either (i) filed a federal income tax return for fiscal years 2017, 2018, or 2019 or (ii) be an entity exempt from the requirement to file a federal income tax return and have no beneficial owner that is required to file a federal income tax return, such as a state-owned hospital or health clinic.

Finally, eligible providers must:

  • Have provided patient dental care after January 31, 2020;
  • Have not permanently ceased providing dental patient care, whether directly or through a subsidiary (pandemic closures excluded); and
  • If the applicant is an individual, he/she has gross receipts or sales from providing dental patient care reported on Form 1040, Schedule C, Line 1, excluding W-2 income reported as an employee.

The full instructions for the distribution for Medicaid, CHIP, and Dental Providers via the Enhanced Provider Relief Fund Payment Portal, and a list of additional required documentation is found here. A copy of the application form is found here.

A useful fact sheet on eligibility for the distribution can be found here.

If you have any questions regarding Provider Relief Funds, including eligibility as a dental services provider, please do not hesitate to contact us.  To subscribe to the Fox Health Care Law Matters Blog, click here.

Widespread testing for the novel Coronavirus is generally recognized as an important tool in combating the spread of the virus. The World Health Organization is an advocate for broad testing, so as to better locate incidents of infection for purposes of isolation, caring, and tracking.

However, the cumulative cost for such testing is significant. In a study commissioned by the American Health Insurance Plans, it is estimated that the cost could range from $6 billion to $25 billion.  [See https://www.ahip.org/wp-content/uploads/AHIP-Wakely-COVID-19-Testing-Report.pdf.] The expenses are particularly high in the nursing home industry where states may have requirements for frequent staff and patient testing.  For example, in New York, nursing home staff are required to be tested twice a week and patients must be tested weekly.

The key question is who bears the burden for the costs of testing? Is it the consumer? Is it private insurance? Is it government? Or is it employers? During the early stage of the pandemic in the United States, on March 18, 2020, Congress passed the Families First Coronavirus Response Act (FFCRA). It was a time in which testing resources were scarce, and all segments of the health care community wanted to remove any financial barriers for testing for those individuals who were experiencing severe symptoms or were at serious risk of exposure to the virus. Accordingly, Section 6001 of the FFCRA, generally requires that group health plans and health insurers offering group or individual health insurance coverage provide benefits for certain services related to testing for the detection COVID-19 during the pandemic. Moreover, the FFCRA provides that plans and insurers must not impose any cost-sharing requirements, prior authorization, or any other medical management requirements with respect to such services.

In the subsequent months, as access to testing substantially expanded and more people are seeking testing, the commitment to free testing has been scaled back. Pursuant to guidance issued by the Trump Administration on April 11, 2020 and June 23, 2020 [see 2020 https://www.cms.gov/files/document/FFCRA-Part-42-FAQs.pdf and https://www.cms.gov/files/document/FFCRA-Part-43-FAQs.pdf], coverage for testing under the requirements of 6001 is triggered “when medically appropriate for the individual, as determined by the individual’s attending health care provider in accordance with current accepted medical standards of medical practice.”  The June guidance further stated that, “testing conducted to screen for general workplace health and safety (such as employee ‘return to work’ programs), for public health surveillance for SARS-Co-V-2, or for any other purpose not primarily intended for individualized diagnosis or treatment of COVID-19 or other health condition is beyond the scope of section 6001 of the FFCRA.”

However, the Centers for Disease Control and Prevention (CDC) states that testing is appropriate in the following five scenarios:

  1. Individuals with signs or symptoms consistent with COVID-19
  2. Asymptomatic individuals with recent known or suspected exposure to SARS-CoV-2 to control transmission
  3. Asymptomatic individuals without known or suspected exposure to SARS-CoV-2 for early identification in special settings
  4. Individuals being tested to determine resolution of infection
  5. Individuals being tested for purposes of public health surveillance for SARS-CoV-2

[see CDC Testing Guidance].

The money does not appear to support CDC recommendations.

While federal administrative guidance seeks to eliminate testing for certain purposes, the fundamental question is when is testing medically appropriate for the individual?  Currently, it is an interpretation and judgment call for the provider with potentially costly ramifications for the patients, insurance organizations and government.

If you have questions regarding how current legal requirements impact your practice’s or facility’s coverage of the cost of COVID testing, please contact us.   You may subscribe to the Fox Health Care Law Matters Blog here for updates.

Medical record requests by payors are commonplace for health care providers. Typically, these requests are received by a front desk employee who responds to the inquiry in short order.  Yet, not all requests should be treated the same.  When a request for documentation is propounded by the “Special Investigation Unit” (S.I.U.)  of an insurance company, special care should be exercised and provider involvement is required.

What is a S.I.U. anyway?  Over the past two decades, campaigns have intensified to curb fraud and abuse in health care.  On the government side, False Claims prosecutions have markedly increased and in the private sector, insurance companies have created specific departments to combat fraud.  The S.I.U. is a department within an insurance company with a targeted focus on recovering payments from medical providers that appear to be the product of fraud.  Individuals employed by a S.I.U. include former law enforcement personnel, claims adjusters and fraud analysts, among others, who receive specific training and credentialing in fraud detection.  These investigators utilize data analytics and other methods to flag providers for claims that fall outside of the “normal range” for the type of health care provider under review.

S.I.U. “audits” or requests for information about the practice should be taken seriously and taken to the top of your organization.   In many cases, special investigators receive incentives from the insurance company for recovering payments from providers.  They often attempt to “strong arm” a resolution by threatening a fraud claim, which in a number of states includes the prospect of treble (triple) damages, punitive damages, and attorneys’ fees.  In some cases, medical records produced by the provider (or the absence thereof) will assist the fraud allegation.  In others, the records will assist in supporting a defense to the same.

Here are 5 tips for your practice:

  1. Instruct  staff that all audit requests should be forwarded to the owner of the practice and the provider whose records are being requested.
  2. If the audit is deemed routine (not S.I.U. generated), instruct staff to make a copy of the records requested and the cover letter that attaches the records so that you can memorialize exactly what was provided and when.
  3. If you receive a letter from the S.I.U., reach out to an attorney who has experience in dealing with the S.I.U. to assist you through the process.
  4. If an investigator from the S.I.U. appears at your office, ask for a business card and do not let him/her disrupt patient care.  You can call them later (or your attorney can).
  5. Do not provide access to your electronic records or files to anyone — including anyone employed by a payor.

If you have any questions regarding a medical records request from a payor, please do not hesitate to contact us.  To subscribe to the Health Care Law Matters Blog, please click here.

 

On July 1, 2020, the Pennsylvania Department of Health and Gov. Wolf issued a 14-day quarantine recommendation for any individual returning to PA from any of 19 states.  The Department expects to adjust the list from time to time to reflect the rise or decrease in COVID-19 cases in states around the country.

Health care practices and facilities should consider modifying their patient and employee COVID-19 policies to reflect this new guidance.  Similarly, if health care practices or facilities have implemented Patient Notice and Acknowledgment Forms, these should be updated to reflect the new guidance.  All patient and employee screening efforts should include a question regarding travel to or from these states in the prior 14-day period.

Individuals returning from travel to states on PA’s travel list should “stay in their quarantine location for the full 14 days and avoid interacting with anyone including those in their household.”   However, this is currently a recommendation from the Department, not a requirement.

If you have any questions regarding how this new guidance applies to your practice or facility, please do not hesitate to contact us.  To subscribe to the Health Care Law Matters Blog for updates, please click here.