Photo of Edward S. Kornreich

Past long-standing chair of Proskauer’s Health Care Department, Ed Kornreich is a recognized authority on the legal, regulatory and business issues related to health care services.

Areas of Concentration

Ed works primarily on health care transactions, regulatory compliance, health care payment and governance issues for varied providers (both for-profit and not-for-profit), vendors, GPOs, distributors and entrepreneurs. His approach combines sensitivity to meeting regulatory business goals with a comprehensive and realistic assessment of the health care environment, and he is particularly experienced in dealing with the complex issues related to integrated health care systems.

Industry Experience

After working for the Legal Aid Society, Ed entered private practice, where he helped represent a major public hospital corporation in a series of reimbursement disputes with the state and federal governments, and counseled New York area hospitals and nursing homes on reimbursement and operational issues. Thereafter, Ed served as General Counsel of St. Luke's-Roosevelt Hospital Center, one of the largest teaching hospitals in New York. After leaving St. Luke's-Roosevelt Hospital Center, Ed joined Proskauer as a Partner in 1990.

Thought Leadership

Ed frequently writes and lectures on Medicare and Medicaid reimbursement, health care integration, not-for-profit law and corporate governance issues, and the application of federal and state anti-kickback and “Stark” laws to health care transactions.

“Sweeping changes” is how Leon Rodriquez, of the Department of Health and Human Services Office of Civil Rights (OCR), characterized the effect of the final omnibus Health Insurance Portability and Accountability Act (HIPAA) rule published in the Federal Register on January 25, 2013 at 78 Fed. Reg. 5566 (Omnibus Rule). There can be no disputing that statement. Indeed the 563-page Omnibus Rule makes a long list of significant changes to existing regulations. These include, among others:

  • modification to the standard for reporting breaches of unsecured personal health information (PHI);
  • extension of HHS enforcement authority over business associates;
  • expansion of the definition of the term business associate to include Health Information Organizations, E-prescribing Gateways, entities that provide data transmission services for PHI and which require routine access to such PHI, and personal health record vendors;
  • modifications to the requirements for business associate agreements;
  • new obligations for business associates to enter into business associate agreements with their own subcontractors;
  • the removal of limitations on the liability of covered entities for the acts and omissions of business associates;
  • changes to the requirements for notices of privacy practices;
  • new limitations on the sale of PHI;
  • new limitations on and clarifications concerning the use and disclosure of PHI for marketing;
  • relaxation of certain limitations on the use of PHI for fundraising; and
  • improvement to the regulations concerning authorizations for the use or disclosure of PHI for research.

Except as noted below with respect to provisions related to the requirements for business associate agreements and arrangements relating to the sale of PHI, the deadline for complying with the amended HIPAA regulations is September 23, 2013. Accordingly, covered entities, business associates, and business associate subcontractors will have to act expeditiously to come into compliance with the Omnibus Rule.

Below, we review the changes implemented in the Omnibus Rule in greater detail, and address some of the action steps that covered entities and business associates should take to comply.