Photo of Richard Zall

Rick Zall is chair of Proskauer's Health Care Group. Rick advises health care companies, investors and lenders in their most challenging transactions, including mergers and acquisitions, joint ventures, financings and complex commercial agreements.

With a deep understanding of the health care industry, Rick is known for providing practical, creative solutions in order to successfully close deals for his clients.

Rick advises clients on state and federal health care regulatory compliance matters, including the corporate practice of medicine, digital health, telemedicine, HIPAA, fraud and abuse, Medicare and Medicaid payment reimbursement, MACRA, and value based payment.

Rick advises clients on state and federal health care regulatory compliance matters, including the corporate practice of medicine, digital health, telemedicine, HIPAA, fraud and abuse, Medicare and Medicaid payment reimbursement, and value based payment.  As businesses globally are impacted by the Coronavirus (COVID-19) pandemic, Rick is a member of the firm’s Coronavirus Response Team helping clients respond and solve issues across myriad fronts, from understanding CARES Act programs to compliance with applicable state and local guidelines for employers to follow.

Rick is a respected thought leader in the health care industry and frequently presents at key industry events. He has served in government, is a co-founder of the New York Primary Care Development Corporation (PCDC), and earlier in his career was CEO of a private equity-backed medical management company. Rick has also directed two industry studies for the Robert Wood Johnson Foundation and serves as principal outside counsel and board secretary to the Clinton Health Access Initiative (CHAI).

On the back of the 2016 United States presidential election results, the health care industry ponders how a Republican president and Congress will transform the business environment. The health care industry has a number of important questions which need to be examined. Proskauer’s Health Care Group looks at key issues, including: the meaning of “repeal

“Sweeping changes” is how Leon Rodriquez, of the Department of Health and Human Services Office of Civil Rights (OCR), characterized the effect of the final omnibus Health Insurance Portability and Accountability Act (HIPAA) rule published in the Federal Register on January 25, 2013 at 78 Fed. Reg. 5566 (Omnibus Rule). There can be no disputing that statement. Indeed the 563-page Omnibus Rule makes a long list of significant changes to existing regulations. These include, among others:

  • modification to the standard for reporting breaches of unsecured personal health information (PHI);
  • extension of HHS enforcement authority over business associates;
  • expansion of the definition of the term business associate to include Health Information Organizations, E-prescribing Gateways, entities that provide data transmission services for PHI and which require routine access to such PHI, and personal health record vendors;
  • modifications to the requirements for business associate agreements;
  • new obligations for business associates to enter into business associate agreements with their own subcontractors;
  • the removal of limitations on the liability of covered entities for the acts and omissions of business associates;
  • changes to the requirements for notices of privacy practices;
  • new limitations on the sale of PHI;
  • new limitations on and clarifications concerning the use and disclosure of PHI for marketing;
  • relaxation of certain limitations on the use of PHI for fundraising; and
  • improvement to the regulations concerning authorizations for the use or disclosure of PHI for research.

Except as noted below with respect to provisions related to the requirements for business associate agreements and arrangements relating to the sale of PHI, the deadline for complying with the amended HIPAA regulations is September 23, 2013. Accordingly, covered entities, business associates, and business associate subcontractors will have to act expeditiously to come into compliance with the Omnibus Rule.

Below, we review the changes implemented in the Omnibus Rule in greater detail, and address some of the action steps that covered entities and business associates should take to comply.