Mid-Atlantic Health Law TOPICS

Cyberattacks: Did you know that during the pandemic, cyberattacks against health care providers increased, and health-related entities, not just providers, should be on high alert? Researchers reviewed data from the U.S. Office of Civil Rights and found that reported cyberattacks against outpatient facilities and specialty clinics increased by 41%, attacks against health plans increased by 35%, and attacks against third-party business associates increased by 18%, from 2020 to 2021. One of the most notable ransomware attacks of 2021 occurred against the Maryland Department of Health (MDH). A ransomware attack on December 4, 2021, crippled much of the department’s work, including provider payments, COVID-19 data reporting and licensing efforts. Nevertheless, MDH notes that no patient data were compromised. Some functions, such as licensing operations conducted by the Maryland Board of Nursing, took nearly two months to restore.  

Peer Review Protections: Did you know that a recent Pennsylvania case established new boundaries for the Pennsylvania Peer Review Protection Act (PRPA) by holding that third- party peer review entities are not independently covered by PRPA, and that a hospital can, unintentionally, waive PRPA protection? In Bousamra v. Excela Health, a hospital hired two peer review agencies to conduct a review of stenting procedures performed by cardiologists. The court held that PRPA only protects “health care providers,” which are people or entities licensed to provide care to patients, and that companies solely dedicated to providing peer review services do not meet this criterion. Typically, however, when a hospital hires a peer review entity, the privilege applied to the hospital under PRPA extends to the peer view entity. Nevertheless, in this case, the hospital waived that privilege when it gave a media  conference and discussed the findings of the peer review entity’s report. As a result, the peer review entities must turn over their records in a medical malpractice suit. While this case only interprets Pennsylvania law, providers elsewhere are on notice, especially before publicly discussing the results of a peer review process.

Virtual Testimony: Did you know that the U.S. District Court for the District of Kansas recently required a pediatrician serving as an expert witness to testify in person even though the pediatrician requested a remote deposition to avoid spreading COVID-19 to his young patients who are not old enough to receive the vaccine? The court in L.D.M. v. LMH Health, held that the body language of the witness, which is hard or impossible to discern during a virtual deposition, is important for determining credibility. The pediatrician also did not identify how attending a deposition, in which the defendant offered to provide proof of all participants’ vaccination status, allow mask wearing and social distancing, and use plastic barriers between participants, put him more at risk for exposure to COVID-19 than his daily activities. While courts have the flexibility to allow some activities to occur virtually, ultimately each situation may be decided differently.

Alexandria K. Montanio
410-576-4278 • amontanio@gfrlaw.com