In the wake of some of the worst storms our country has ever faced, as seen in the devastation caused by Hurricane Harvey, in Texas, Hurricane Irma, in Florida, and now Hurricane Maria, in Puerto Rico and the U.S. Virgin Islands, it is important to understand some of the actions the United States federal government can take to assist victims of Mother Nature. How broad is the federal government’s authority? Who is that authority bestowed upon? Well, one such mechanism is the declaration of a Public Health Emergency by the Secretary of Health and Human Services (“HHS”) under Section 319 of the Public Health Service Act (“PHSA”).

Under Section 319 of the PHSA, the Secretary of HHS is empowered to declare a public health emergency, after consulting with public health officials, when the public is faced with either (1) a disease or disorder; or (2) a public health emergency, including, but not limited to, an epidemic or bioterrorist attack. Upon making such a declaration, the Secretary of HHS is authorized and empowered to “take such action as may be appropriate to respond to the public health emergency, including making grants, providing awards for expenses, and entering into contracts and conducting and supporting investigations into the cause, treatment, or prevention of a disease or disorder.” The Secretary’s expanded authority is not perpetual and only remains in effect for 90 days, or until the emergency ceases to exist if sooner than 90 days, with the option of a one-time renewal for an additional 90 days that can be made on the basis of new or the same facts underlying the initial declaration. However, once a declaration, and any renewal, if applicable, is made, the Secretary of HHS must inform Congress, in writing, within 48 hours.

Practically speaking, what actions can the HHS Secretary take? Some discretionary actions include, but are not limited to: (1) waiving certain prescription and dispensing requirements under the Federal Food, Drug, and Cosmetic Act; (2) waiving or modifying particular requirements under Medicare, Medicaid, the Children’s Health Insurance Program and the Health Insurance Portability and Accountability Act; and (3) appointing temporary personnel for up to one year. These actions, in addition to others, help bring emergency relief to those in need.

On September 19, 2017, now former Secretary of HHS, Tom Price, declared a Public Health Emergency under Section 319 of the PHSA for the benefit of Puerto Rico and the U.S. Virgin Islands following the devastation caused by Hurricane Maria, and stated, in his press release, that “[d]eclaring a public health emergency for Puerto Rico and the U.S. Virgin Islands will aid in the department’s response capabilities – particularly as it relates to ensuring that individuals and families in those territories with Medicare, Medicaid and the Children’s Health Insurance Program (CHIP) maintain access to care.”  While this declaration is limited in scope, the actions authorized thereunder will help start the long recovery for the people who reside in Puerto Rico and the U.S. Virgin Islands.

Please kindly consider how you can get involved to help the people who have been negatively impacted by the devastation caused by Hurricanes Harvey, Irma and Maria.

On August 15, 2017, the Secretary of Health and Human Services, Tom Price, issued a press release reporting that almost $105 million will be bestowed upon 1,333 health centers across the United States, including its territories and Washington, D.C. Secretary Price stated, “Americans deserve a healthcare system that’s affordable, accessible, of the highest quality, with ample choices, driven by world-leading innovations, and responsive to the needs of the individual patient. Supporting health centers across the country helps achieve that mission.”

According to the Health Resources & Services Administration, also known as HRSA, federally qualified health centers (FQHC) “are community-based and patient-directed organizations that deliver comprehensive, culturally competent, high-quality primary health care services.” The main function of a health center is to provide health services to underprivileged patients where affordable healthcare is either lacking or nonexistent. Services include, but are not limited to, mental health support, substance abuse aid, dental health and many other services. While there are numerous requirements for an organization to qualify as an FQHC, one interesting qualification is that the organization must elect members of the community to serve on its governing board, ensuring that the community has a role when it comes to its own healthcare.

Even though the concept of a health center may be foreign to many in the United States, health centers play an important role in our society.  HRSA has concluded that, based on data from its Uniform Data System, almost 26 million individuals (which equals 1 in every 12 people living in the United States) depended on a health center for health services in 2016, including more than 330,000 veterans. The study also found that 1 in every 3 people living in poverty relied on a health center in 2016.

Living in a politically toxic climate on the topic of healthcare and its reforms, as we currently do, it is a breath of fresh air to see our tax dollars being put to good use. Health centers have served as a unique and beneficial service for the underserved and underprivileged for the last 50 years, and the federal government’s continued support appears to be unwavering.

Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity regulations apply to all individuals and entities that “operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law”, with a few exceptions. This will undoubtedly result in insurance companies and other related healthcare entities, which hold sensitive patient health information, beefing up their internal and external rules and policies. New York’s proactive stance should be taken with the utmost seriousness, seeing that there are more than 400 cyberattacks each day over the internet, or almost 3 every minute.

The United States Congress has enacted a similar law to protect health information, the Health Insurance Portability and Accountability Act (“HIPAA”). However, because HIPAA was enacted and modified years prior to cybersecurity becoming a prominent threat to our society, HIPAA does not provide as much protection to patients’ electronic data as the New York regulations do.  HIPAA does provide important guidelines and safeguards to ensure the integrity and confidentiality of protected health information, but does not elaborate on many of the issues presented in New York’s cybersecurity regulations.

New York’s cybersecurity regulations require all “Covered Entities”, as defined in the regulations, to maintain a cybersecurity program to guard the confidentiality of Nonpublic Information, which includes a risk assessment and a comprehensive cybersecurity policy.  In addition, Covered Entities are now required to designate an individual to serve as the Chief Information Security Officer (“CISO”).  The CISO is tasked with overseeing, implementing and enforcing the Covered Entity’s cybersecurity policy, and is required to report, in writing and at least annually, to the Covered Entity’s Board of Directors or similar governing body.  The CISO’s report must include, as applicable, information on “(1) the confidentiality of Nonpublic Information and the integrity and security of the Covered Entity’s Information Systems; (2) the Covered Entity’s cybersecurity policies and procedures; (3) material cybersecurity risks to the Covered Entity; (4) overall effectiveness of the Covered Entity’s cybersecurity program; and (5) material Cybersecurity Events involving the Covered Entity during the time period addressed by the report.”

Compliance with the cybersecurity regulations will be transitioned over a two-year period with full compliance required by March 1, 2019.