May 22, 2015

Deadline to Apply as a Registered Organization is Quickly Approaching

By: Nicole Ozminkowski

On April 27, 2015, the New York State Department of Health ("DOH") announced that it would begin accepting applications from businesses interested in manufacturing and dispensing medical marijuana under the Compassionate Care Act.

The deadline to apply for one of the five registered organization licenses was initially May 29, 2015. More recently, the Department has extended the deadline to June 5, 2015. The Department has not, however, extended the timeframe within which it expects to issue the registrations. The DOH has set an ambitious timeline to get the program up and running and hopes to make its selection for the limited registered organization licenses this summer.

More information as provided by the DOH can be found in the Governor's press release and on the DOH's web page on medical marijuana.

May 8, 2015

Blog Welcomes Young Lawyers' Committee

The NYSBA Health Law Section recently established a Young Lawyers' Committee for members who were admitted less than ten years ago. The committee supports members who are establishing themselves in the health law profession, as well as those in other fields who are interested in exploring health law. Members of the committee will soon begin contributing to this blog.

Check the blog for posts tagged as "young lawyers," and please comment. Notes of encouragement and questions for young lawyer contributors would be welcome!

June 12, 2015

The Practice Through A Network Diagram

by Nathan Prystowsky

In a former life, before I settled into health law, I spent some time thinking about a career in land-use law. During one summer in law school I interned with the counsel's office for a local town. The town counsel at the time made sure that I got to know the planning and building departments by immersing myself in how to look at all the charts, diagrams, and architectural layouts. It was a valuable experience because, when it came time to work at my first job in a midsized law firm, I needed to be able to read an architectural layout, know what a curb cut was, and determine if the drawings conformed to regulations. So how does this apply to me now? Well, it's the same skill but a different picture.

Now that the healthcare field has transitioned to electronic medical records and practice management systems ("EMR/PM"), healthcare lawyers need to picture how those technologies fit across multiple vendor relationships, in-office regulatory requirements, and practice needs. Knowing how to read a network diagram will help a lawyer sketch out any practice's legal information landscape, and that's why it's essential. So let's take a look at a simple small practice network diagram to get the basics.

[Figure: Small Office Network Diagram]

Like any drawing, we have the usual title, practice information, and author information that tells you the office being diagrammed and who set up or presently maintains the IT for that office. Once you know you have the correct office, the best place to start is the server. I think of it as the center of a wheel, where every spoke grows out from that center and connects to a piece of the office. Some very small offices don't have a server, but for most EMR/PM systems the specifications prefer the use of a server. The reason is that, for medical record databases, it's easier to use a server with SQL to query the databases (that's just fancy talk for when you point and click on something it pulls up the information you want). The server basically houses all the information and performs most of the computing functions for the office.

I then follow the dots till I get to where the server connects to a firewall. In smaller offices you will most likely find a SonicWall device. Cisco devices are also popular, especially in larger practices and hospitals, but those devices are not the only options that are cost-effective and allow the practice to protect against intrusions. The firewall connects to a switch. The switch functions by connecting all the local devices to the network. Local devices are workstations (desktop computers), tablets, and smartphones. Smartphones and tablets are becoming more widely used in practices because of the medical applications that are useful for practitioners.

Next, I like to see the uninterrupted power source on the network diagram because it shows some extra care has been put into protecting the server. It's commonly called a UPS, and it's basically a surge protector with a battery and some nifty software that will shut down the server in a controlled way if the power goes out. You can toss this one in the technical safeguard bucket because it prevents some predictable data integrity issues that can happen when a random loss of power forces an uncontrolled shutdown of a server, which is known to corrupt data files. Uncontrolled shutdowns are like those moments during a thunderstorm when the power goes out in the house and every electrical device turns off instantly with a "click." The UPS keeps things going long enough to go through the longer process necessary for a server. If you have ever shut down a computer, this is where the pop-up window says "preparing to shut down. This may take several minutes."

Most offices should have a backup appliance that copies images of the entire server and allows them to be accessed virtually from the cloud. The appliance works by making copies of the server and sending an encrypted copy into the cloud. In this case, putting a copy on the cloud means a couple of big data centers with stacks of servers in different parts of the country hold onto a copy that can be accessed in an emergency if the office server gets damaged beyond repair. IT people call this a cloud-restored virtualized backup.

It's also not uncommon to indicate external providers who have access to the network, like a hosted website with a built-in portal to the electronic medical record that patients use to create or modify a profile. Sometimes a practice will host its own website and keep another server on site to do this. Two servers are necessary because it takes a lot of computer power to run a website, and it will take away from using the EMR/PM if both the website and the EMR/PM are on the same server. You may be familiar with this problem, which tech people call latency but our office calls the "slows." That's when you click on anything and it seems like it takes forever. Opening an email feels like it takes minutes not seconds, a new document feels like it takes minutes not seconds, and that webpage you want to look at online eventually gives up and says "cannot be loaded, would you like to retry?" Since it's expensive to buy and maintain two separate servers, most practices use an offsite host. This has an added benefit because it also protects the practice from intrusions from potential cyber threats. Remember, websites are trying to get visitors. It's best not to keep visitors and private information in the same place.

Whether it's a small practice or a large hospital, reviewing a network diagram is also a great way to get the gist of the IT contract and compliance picture at a glance. Looking over one tells me whether a backup vendor is being used, and whether I need to see if there are business associate agreements, a contract, and hopefully diligence done on the contract, like obtaining a certificate of insurance or a SOC or SSAE audit. It also tells me what technical safeguards have been put in place for compliance purposes. Spend some time looking at one. It will help.

