April 12, 2018
The Division of Health and Human Services has filed a proposal to reject a court case filed by the healthcare information management firm Ciox Health asserting the court case lacks footing.
Earlier this year, Ciox Health filed a court case disputing alterations to HIPAA in 2013 and consequent implementation help released by the HHS in 2016. The alterations to the HIPAA Secrecy Law in 2013 in question put a restriction on the amount that might be charged by protected units for providing patients with copies of their health files. The charges should be restricted to a rational cost-based fee. In 2016, the HHS released help for the public describing the rulemaking and providing replies to frequently asked questions regarding medical files access.
Ciox Health asserts the changes endanger to upend the medical files industry and that the updates and guidance are ultra vires, illogical and unpredictable. Ciox Health is also in search of injunctive relief to halt the HHS from illegally applying the rules.
In its motion to reject the court case, filed in the U.S. District Court in Washington, D.C., HHS describes that the entitlements made by Ciox Health lack status as the rulemaking it is challenging only relates to HIPAA-covered units. Ciox Health a business associate, not a protected unit. HHS points out Ciox Health is defying a law that the firm is not depending on. Further, the help which has been challenged has no strength or effect of the rule and as such, there is nothing for Ciox Health to defy.
The bills that Ciox Health can charge for providing copies of medical files aren’t controlled by HIPAA. The HIPAA Law that the company is defying is related to the fees that protected units can charge patients. The dues that Ciox Health charges protected units is a problem for Ciox Health to settle with the protected units that it serves.
HHS clarified the demands of Ciox Health need reputation and a challenge has been made against “a law that is moored in a difficult legal scheme without basing the challenge on any solid enforcement action,” also CIOX Health failed to prove that it has experienced an injury as a consequence of the 2013 rulemaking and 2016 guidance and there are no legal reasons to make the claims.
“Since HHS has not and cannot take implementation action against Ciox concerning the fees it charges for separate requests of PHI, Ciox can’t raise either an enforcement or pre-enforcement challenge to the Privacy Law provision and guidance at issue.”