Thursday, December 1, 2016

AHLA’s 2017 Annual Medical Centers Program


Friday, September 16, 2016

The Business Law Section at the Philadelphia Bar Association


A health care transactional and regulatory lawyer, Brad Rostolsky is an attorney at the Reed Smith law firm in Philadelphia, Pennsylvania, where he leads the group's HIPAA and Health Privacy and Security practice. Brad Rostolsky is also involved in the Philadelphia Bar Association and is co-chair of the Health Law Committee.

The Philadelphia Bar was founded in 1802, making it the oldest professional association of attorneys in the United States. The association provides legal advice on complex issues and also provides a forum for professional growth and networking.

One of the oldest sections of the Philadelphia Bar is the Business Law Section, which encompasses the Health Law Committee that Mr. Rostolsky co-chairs. The section seeks to provide networking and continued education for business lawyers and also communicates relevant industry information to members for use in their practices. In addition to the Health Law Committee, other examples of committees under the Business Law Section include cyber law, bankruptcy law, and insurance law.

Tuesday, September 6, 2016

How HIPAA Affects the Handling of Medical Information


A native of Ambler, Pennsylvania, Brad Rostolsky is a partner at the Philadelphia office of Reed Smith. At work, Brad Rostolsky deals with various legal issues affecting the health care industry, including those involving health care privacy.

There are numerous laws that govern how health care entities treat medical information. These laws are meant to facilitate a smoother flow of information between members of the health care team, balanced against the need to keep patient-level information private and secure.

One such federal law is the Health Insurance Portability and Accountability Act (HIPAA), which is regarded as the baseline federal legislation that regulates health care information. HIPAA protects medical information in various ways. Among them, it creates a system that controls how certain health information is disclosed. In relation to this, it establishes the rights of individuals pertaining to their health information.

Additionally, it institutes security standards for regulated entities when they manage or transmit electronic patient information. It must be noted, however, that HIPAA only affects defined regulated entities, which include health care providers, health care insurers, health care clearinghouses, and vendors to any of the aforementioned types of entities that need to use protected health information to provide their services. Information used by entities not regulated under HIPAA does not implicate the various privacy and security protections afforded under HIPAA.

Wednesday, August 17, 2016

The AHLA Neutrals Program


Brad Rostolsky works with Reed Smith LLP in Philadelphia, where he focuses on HIPAA and health privacy issues. A resident of Ambler, Pennsylvania, he belongs to the American Health Lawyers Association (AHLA). Health lawyers like Brad Rostolsky come together as part of the AHLA to advance the profession through education, volunteer work, and participation in events.

An important program that AHLA provides is its neutrals program that lets members combine health law expertise with negotiation and mediation skills to resolve cases in a fast, fair, and inexpensive manner. Neutrals can serve as arbitrators, mediators, or hearing officers, provided they have appropriate training in that aspect of case resolution. AHLA retains a percentage of the amount invoiced by neutrals in order to operate the program.

AHLA offers its own 14-hour training program for arbitrators, though this training can also be earned elsewhere. Mediators must complete 20 hours of training through a reputable organization, such as a court, law school, or community mediation center. To become a hearing officer, an attorney must complete an AHLA peer-review training course. Those who have already served as counsel or as a hearing officer in two completed hearings, however, do not need to complete the course.

Monday, August 1, 2016

Keep HIPAA Compliant while Working from Home


A partner in the Philadelphia offices of Reed Smith LLP, Brad Rostolsky practices in the firm’s Life Sciences Health Industry Group. Focused primarily on health care regulatory and transactional law, Brad Rostolsky advises clients on information privacy and security compliance under the Health Insurance Portability and Accountability Act (HIPAA).

Because HIPAA directly addresses the need for security in electronic transmission of health-related information, allowing employees to work from home includes the need for companies to take various steps to ensure privacy and security. Companies typically start by assessing their risk, whether employees use a cloud-based system or tap directly into the network. Companies should also implement security protocols at the computer level, such as installing antivirus software and scheduling regular security updates.

Once a company implements security procedures for employees working from home, it should continually monitor the security of its systems and audit employees for compliance. The company must keep a careful log of employees who work from home, which allows for efficient updates of security software and connectivity practices. Implementing policies that address the actual manner in which employees/workforce members interact with the company's system is also critical.

Friday, July 22, 2016

Silent Circle Protects Android Security

 


Brad Rostolsky is a lawyer specializing in health and privacy law at Reed Smith, a top firm with offices all over the world. In addition to memberships with the American Health Lawyers Association and the American Bar Association, Brad Rostolsky is a member of the International Association of Privacy Professionals (IAPP).

The policy-neutral IAPP is the largest information privacy organization in the world. In one of its news items on the state of privacy, the IAPP reported on a new operating system for Android phones called Silent OS 3.0. Created by an encrypted-communications firm called Silent Circle, the operating system will include a program called Privacy Meter that will scan the phone for behavior by apps that may compromise the device’s security. The program will alert the user if any browsing certificates have been changed or if the user’s location is being shared by an app. Other programs created by Silent Circle include Silent Phone and Silent Text, which encrypt communications to prevent third-party surveillance.

Tuesday, July 5, 2016

The HIPAA Breach Notification Rule


Brad Rostolsky is a proficient healthcare law attorney with a Juris Doctorate from the Duquesne University School of Law and a Master in Public Health from Emory University. A partner at the Reed Smith law firm, Brad Rostolsky is an expert on HIPAA alignment and leads the HIPAA and Health Privacy and Security group at the firm.

HIPAA, which stands for the Health Insurance Portability and Accountability Act, was enacted in 1996 and included new requirements related to the privacy and protection of protected health information (PHI). One current component of HIPAA is 45 CFR §§ 164.400-414, the HIPAA breach notification rule, which requires organizations that handle PHI to provide notification in the event of a data breach.

A HIPAA data breach is defined as impermissible disclosure of unencrypted PHI. Once a breach occurs, an organization may need to notify several layers of affected parties. These layers include all individuals affected by the data that was disclosed, prominent news and media outlets in the area, and the Secretary of the federal Department of Health and Human Services via a web-based breach reporting form. For additional information on HIPAA policy, visit www.hhs.gov/hipaa.