Watch for Emerging Threats and Risks in 2023
By Greg Freeman
Over the coming year, risk managers can benefit by watching recent trends in telehealth, labor shortages, and data breaches.
Telehealth continues to be popular with providers and patients. With any mature technology, the longer it has been around, the more experience bad actors will have to exploit weaknesses. That means risk managers must continuously monitor for emerging threats and risks, says J. Malcolm DeVoy, JD, partner with Holland & Hart in Las Vegas. Telehealth likely is here to stay, although the demand may wane as pandemic fears subside.
The information obtained in the telehealth consultation may be of less value to criminals than what can be obtained if a records system is compromised, but it must be protected. DeVoy advises using telehealth platforms that continuously update their technology and security offerings.
Labor shortages also are affecting the healthcare sector, bringing related risks and potential liabilities. In addition to prudently managing their budgets, providers and facilities should be mindful that fair market value limitations still exist even in a market with intense competition.
“Overpaying personnel can potentially be a compliance issue and can give rise to liability, including civil monetary penalties,” DeVoy says. “As the public health emergency ends and healthcare spending resumes to pre-pandemic levels, it is possible there may be an overcorrection in the labor market, with more position eliminations and compensation reductions than needed, due to the current level of compensation and competition for talent. There is also a significant risk of long-term burnout and frontline caregivers simply disappearing from the field altogether.”
There also are compliance considerations to remember as the Biden administration implements more cybersecurity reporting rules. In 2021, the United States Court of Appeals for the 5th Circuit reduced a $4.3 million civil penalty against the University of Texas Medical Center arising from a HIPAA data breach. This may have been encouraging, but DeVoy says the risk of fines and administrative proceedings remains.
“While enforcement activity may be on the rise, the 5th Circuit’s decision signals that the Department of Health and Human Services may have to revisit its strategies and tools for obtaining the headline-grabbing civil monetary penalties it was receiving for data breaches several years ago,” DeVoy says. “That, in turn, may provide a false sense of comfort for entities subject to HIPAA.”
In addition to its existing enforcement priorities, the Biden administration is taking meaningful action in implementing Section 1557 of the Affordable Care Act (ACA), DeVoy notes. This section received some attention at the beginning of the COVID-19 pandemic when HHS asserted it as a basis for potential legal action against certain states with pre-ACA emergency response plans that discriminated in the provision of care based on pre-existing medical conditions and the likelihood of survival.
“Through Section 1557, the Biden administration likely will make active anti-discrimination efforts a part of many providers’ and facilities’ operations,” DeVoy says. “More immediately, the end of the COVID-19 public health emergency and its wind-down within federal and state agencies, including the expiration of certain waivers and flexibilities that will have been in place for almost three years, will require focus and attention from the healthcare industry.”
Over the coming year, risk managers can benefit by watching recent trends in telehealth, labor shortages, and data breaches.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.