Anna D. Kraus

Anna D. Kraus

Anna Durand Kraus has a multi-disciplinary practice advising clients on issues relating to the complex array of laws governing the health care industry. Her background as Deputy General Counsel to the U.S. Department of Health and Human Services (HHS) gives her broad experience with, and valuable insight into, the programs and issues within the purview of HHS, including Medicare, Medicaid, fraud and abuse, and health information privacy. Ms. Kraus regularly advises clients on Medicare reimbursement matters, the Medicaid Drug Rebate program, health information privacy issues (including under HIPAA and the HITECH Act), and the challenges and opportunities presented by the Affordable Care Act.

Subscribe to all posts by Anna D. Kraus

Legislation Seeks to Regulate Privacy and Security of Wearables and Genetic Testing Kits

Last week, Senators Amy Klobuchar (D-MN) and Lisa Murkowski (R-AK) introduced the Protecting Personal Health Data Act (S. 1842), which would provide new privacy and security rules from the Department of Health and Human Services (“HHS”) for technologies that collect personal health data, such as wearable fitness trackers, social-media sites focused on health data or … Continue Reading

HHS Releases Voluntary Cybersecurity Guidance

Hospitals and other health care organizations are attractive targets for cyber-attacks, in part because their databases contain medical records and other sensitive information. Breaches of this information could have very serious implications for patients.  Moreover, electronics connected to a health care facility’s network keep people alive, distribute medicines, and monitor vital signs. As a result, … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (Third Post in a Series)

As we discussed in two prior posts (here and here), the April 29, 2015, draft House 21st Century Cures bill would make several changes to federal health privacy law. This post focuses on provisions that would relax limitations on payment for PHI disclosed for research purposes and that would expand the purposes for which covered … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (Second Post in a Series)

As we discussed in a prior post, the April 29, 2015, draft House 21st Century Cures bill would make several changes to federal health privacy law. This post focuses on provisions that would allow remote access to PHI for purposes preparatory to research and that would permit individuals to make a one-time authorization of the … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (First Post in a Series)

On April 29, 2015, the U.S. House Energy and Commerce Committee released a revised discussion draft of the 21st Century Cures Act (“Cures”). The Cures bill would make several changes to existing federal privacy regulations promulgated under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health … Continue Reading

HHS Issues Guidance on Refill Reminders under HIPAA

On September 19, HHS released additional guidance on the “refill reminder exception” in HIPAA, which allows — in some circumstances — paid communications regarding a drug or biologic currently prescribed to a patient. Background In January 2013, HHS finalized new restrictions on marketing as part of the final omnibus rule implementing changes to HIPAA under … Continue Reading

HHS to Issue Guidance on HIPAA Marketing Restrictions

In a court filing on September 11, 2013, attorneys for the U.S. Department of Health and Human Services (HHS) announced that HHS intends to issue further guidance on certain new marketing restrictions under HIPAA, finalized last January as part of the final HITECH omnibus rule, and to delay enforcement of those new marketing restrictions until … Continue Reading

Supreme Court Justices Seem Skeptical of Vermont Law Restricting Use of Prescriber-Identifiable Data

The U.S. Supreme Court heard oral argument last week in Sorrell v. IMS Health, Inc.  As described in our earlier post, the case involves a constitutional challenge to a Vermont law prohibiting the use or sale of doctors’ identifying information in prescription records—i.e., prescriber-identifiable data—without the doctor’s express consent. The key legal issue, as framed … Continue Reading

Saskatchewan Information and Privacy Officer Issues Advisory on Health Record Disposition

Improper disposition of medical records appears to be an international problem.  The Saskatchewan Information and Privacy Officer recently issued regulatory guidance to health care providers on complying with the province’s health data protection law.  The guidance is being sent to all health regulatory bodies and health care organization privacy boards in Saskatchewan to remind them … Continue Reading

HHS Imposes $4.3 Million Civil Money Penalty for HIPAA Privacy Violations

The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced Tuesday that it has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Maryland (Cignet) violated the HIPAA Privacy Rule.  HHS imposed a $4.3 million civil money penalty on Cignet for the violations—the first … Continue Reading

HIPAA/HITECH Regulations are Coming: What do Pharmaceutical Companies Need to Know? (Part 4 of 5)

This is the fourth in our series on provisions of the Department of Health and Human Services (HHS) proposed rule implementing the HITECH Act that, if included in the final rule, are likely to have the greatest impact on the business operations of pharmaceutical and other life sciences companies.  We previously covered HHS’s proposed treatment … Continue Reading

HIPAA/HITECH Regulations are Coming: What do Pharmaceutical Companies Need to Know? (Part 3 of 5)

In this third post on the forthcoming HIPAA/HITECH regulations, we will discuss potential modifications to the rules regarding authorization for future research.  In earlier posts, we covered the Department of Health and Human Service’s (HHS) proposed treatment of communications about currently prescribed drugs and remunerated treatment communications.  Future Research In the proposed rule issued last July, … Continue Reading

FTC Issues Guidance on Medical Identity Theft

The Federal Trade Commission recently posted a frequently asked question designed to remind health care providers and health plans of their obligations when they become aware of medical identity theft.  The FAQ describes medical identity theft as occurring “when someone uses another person’s name or insurance information to get medical treatment, prescription drugs or surgery.  It … Continue Reading

HHS Sends to OMB Rule Expanding HIPAA Disclosure Requirement

On February 9, the Department of Health & Human Services (HHS) sent to the Office of Management and Budget (OMB) a proposed rule to implement the requirement in the Health Information Technology for Economic and Clinical Health (HITECH) Act that individuals be given an expanded accounting of disclosures of protected health information (PHI) contained in … Continue Reading
LexBlog