Attention Kentucky Psychiatrists: Medical Review Panel Act Ruled Unconstitutional

On November 15, 2018, the Kentucky Supreme Court held that Kentucky’s Medical Review Panel Act (MRP Act) was unconstitutional. By way of background, the MRP Act required that a three-person medical review panel (Panel) must review all potential medical malpractice matters before the case could be filed in State court. The MRP Act required the Panel to review the evidence and provide one of three opinions:

  1. that the defendant failed to act according to the applicable standard of care, which was a substantial cause of the plaintiff’s injury;
  2. that the defendant failed to act according to the applicable standard of care but that failure was not a substantial cause of plaintiff’s injury; or
  3. the defendant did act according to the applicable standard of care. Plaintiffs, under the MRP Act could not file a lawsuit in State court until the review panel gave its decision (or after 9 months, if they did not give an opinion).

In its ruling, the Kentucky Supreme Court held the MRP Act was unconstitutional in its entirety. As a result, it is expected that any cases currently part of the MRP Act process will be immediately filed in Kentucky State court and not through the panel process. For a direct link to the opinion see: .

Attention Ohio Psychiatrists: The Ohio Data Protection Act

The Ohio Data Protection Act (ODPA) became effective November 1, 2018. The law is important for business data holders, including physicians, because it grants them a defense if a data breach occurs and they can prove it had a CyberSecurity program in place that meets industry-recognized security frameworks.

The ODPA is a voluntary law that grants incentives to companies if they meet a “higher level of security” by implementing a number of measures, including:

  1. having a written CyberSecurity Program; and
  2. implementing strong technical privacy controls in place to protect data.

Briefly, the ODPA applies to any business that “accesses, maintains, communicates, or processes personal information (as defined in Ohio Revised Code 1349.19) or restricted information,” which is defined as unencrypted information about an individual that can be “used to distinguish or trace the individual’s identity.”

Additionally, the ODPA applies to businesses that are subject to other industry-specific privacy laws, such as healthcare business subject to the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). In order to assert the affirmative defense permitted under the ODPA, those businesses will have to comply with those laws to use the affirmative defense.

It is important to note that the ODPA is only applicable to a “tort that alleges or relates to the failure to

OCR Launches Public Education Campaign: Civil Rights Protections in Response to the National Opioid Crisis

The United States Department of Health and Human Services (HHS) launched a public education campaign to improve access to evidence-based opioid use disorder treatment and recovery services, such as Medication Assisted Treatment. This education campaign provides information for covered entities to ensure they are aware of their obligations under federal nondiscrimination laws, including laws prohibiting discrimination because of disability or limited English proficiency. In addition, the campaign seeks to educate the public about disability rights protections that may apply to persons in recovery from an opioid addiction. For more information, see: