Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.
By James Swann
Privacy and security concerns are mounting as Uber and Lyft break into the medical transportation space.
The two companies recently rolled out separate initiatives to drive patients to and from medical appointments, acting on behalf of health-care providers.
The arrangements expose Uber and Lyft to possible violations of health-care privacy rules and regulations and may raise overall compliance costs.
Just over 3.5 million U.S. patients have trouble getting to doctor’s appointments, according to Lyft, and 25 percent of lower-income patients have missed appointments or been forced to re-schedule because of transportation issues.
Federal and state privacy laws are major concerns with the Uber and Lyft arrangements, Stephanie Trunk, a health-care attorney with Arent Fox LLP in Washington, told Bloomberg Law.
Uber and Lyft will have to implement adequate administration and technical safeguards to comply with the federal Health Insurance Portability and Accountability Act’s Privacy and Security rules, Trunk said.
Uber, a privately traded San Francisco-based company, completes 10 million trips a day and operates in 77 countries. Lyft, also based in San Francisco, completes around 1 million trips a day and operates in the U.S. and Canada. Lyft has a market value of $11.5 billion as of December 2017, compared with Uber’s $54 billion market value.
“What is interesting in the proposals is that the individual drivers aren’t employees of Uber and Lyft but are independent contractors,” Trunk said. Uber and Lyft will have to train their drivers on HIPAA compliance and maintain effective oversight over their respective programs, Trunk, a Bloomberg Law advisory board member, said.
A major concern would be drivers or Uber Health leaking the names of patients who are being driven to medical appointments, as well as where they’re going.
Uber Health was rolled out March 1 and is already being used by more than 100 health-care organizations, including Washington-based Georgetown Home Care and Yale New Haven Health.
Lyft announced an agreement with health technology company Allscripts March 5 to allow health-care providers to use Allscripts electronic health records network to provide transportation for patients. Patients who aren’t able to drive to an appointment will be flagged in the EHR, which will then automatically schedule a Lyft car to pick them up.
Allscripts is a publicly traded EHR vendor in Chicago.
Uber Health is contracting with a dedicated compliance company—Nashville, Tenn.-based Clearwater Compliance—that will perform periodic audits of the new program, Jay Holley, Uber Health’s head of partnerships, told Bloomberg Law.
Providers will be able to log in to Uber Health’s third-party, HIPAA-compliant platform and order or schedule a ride for a patient, Holley said. Uber drivers will approach an Uber Health ride no differently than a regular Uber ride, Holley said, and will receive no indication that they’re taking a patient to a medical appointment.
Uber Health enrolled over 100 health-care organizations prior to the official debut of the program, Holley said, including both urban and rural organizations. The idea was to ensure that the program was relevant in all geographic locations, Holley said.
Lyft has already signed HIPAA-compliant business associate agreements with health-care partners, Kate Margolis, a Lyft spokeswoman, told Bloomberg Law. Lyft is committed to protecting personal identifiable information and has a dedicated in-house team focused on health-care compliance, Margolis said.
“Employees who are directing and carrying out the day-to-day functions of our health-care partnerships take annual HIPAA-compliance training,” Margolis said.
Lyft launched its Concierge service in 2016, enabling third parties to request rides to and from medical appointments, Margolis said. Lyft was already working with nine of the top 10 largest health systems in the U.S. prior to the new venture with Allscripts, Margolis said.
Uber Health is being engaged by health-care providers as a business associate, and will have to sign business associate agreements as a result, but it’s unclear how the drivers will be categorized, Colin Zick, a health-care attorney with Foley Hoag LLP in Boston, told Bloomberg Law.
The drivers will likely need to sign sub-business associate agreements with Uber, Zick said.
Business associates are individuals or organizations that perform certain services involving the use of protected health information on behalf of a HIPAA-covered entity.
Uber Health will have to address potential patient inducement issues, which have been the focus of several Department of Health and Human Services advisory opinions about patient transport, Zick said. HHS enforces federal health-care privacy laws.
Civil monetary penalties can be assessed against anyone who offers remuneration to a Medicare beneficiary that could influence the beneficiary’s choice of provider.
Uber and Lyft will have the full names of the patients being driven for billing purposes, and will need effective safeguards to prevent any illegal disclosures, Eric Fader, a health-care attorney with Day Pitney LLP in New York, told Bloomberg Law.
To comply with HIPAA’s minimum necessary standard, the individual drivers shouldn’t be given more than the patient’s first name and pickup location, Fader said.
To contact the reporter on this story: James Swann in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Kendra Casey Plank at email@example.com
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)