In a blog entry on May 3, 2012, CMS announced it
was delaying the
Sunshine Act requirement for data collection until January 1,
2013. CMS's stated rationale was:
In order to provide time for organizations to prepare for data
submission and to sufficiently address the important input we
received during the rulemaking process, CMS will not require data
collection by applicable manufacturers and applicable group
purchasing organizations before January 1, 2013.
A related May 3 letter to Senator Grassley from
CMS's Acting Administrator, Marilyn Tavenner explained that
CMS has set up an internal work group and will solicit additional
input from stakeholders as it moves toward issuing a final rule by
the end of the year. The work group includes both technical and
policy staff and "is currently assessing the staff and
resource requirements for full implementation of the program. CMS
also plans to issue a request for proposal this year to further aid
Senator Grassley was not pleased by this development, stating, "It's disappointing that CMS
won't even collect data at all this year. The process has
dragged on long past the statutory deadline for implementation.
Consumers need to know more about the financial relationships
between their doctors and drug companies sooner rather than later.
It's important that CMS get this right in every way, including
the usefulness and accuracy of the information. Given all of the
extra time, CMS will have no further excuses for not accomplishing
The tone of the CMS notices suggests we will not have final
regulations until the fall. If you were prepared to begin
collecting data, this further delay does provide an opportunity to
test your systems and utilize the data you collect for review of
the return on investment for such payment and other strategic
To view Foley Hoag's Security, Privacy and The Law
Blog please click
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The 2010 theft of an unencrypted laptop containing confidential health care information made front-page news in 2013, not because a huge number of patients were affected, but for the exact opposite reason.
Any company that collects personal data from consumers should take proactive steps to have appropriate legal counsel review its data security practices, as well as its terms of service or privacy practices, to identify any potential problem areas.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published on its website a series of factsheets designed to educate consumers unfamiliar with their rights under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules.