On June 30, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that a business associate providing management services to nursing homes in the Philadelphia, Pa. region agreed to...more
During the week of April 18, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two significant settlements with a large New York City hospital and a North Carolina orthopaedic...more
4/26/2016
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Film Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Disclosure ,
Settlement
On March 17, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Feinstein Institution for Medical Research (“Feinstein”) agreed to pay $3.9 million to resolve...more
The U.S. Department of Health & Human Services’ (“HHS”) Office for Civil Rights (“OCR”) and the Federal Trade Commission (“FTC”) were each involved in the resolution of high profile privacy matters in January 2016. The two...more
For those covered entities who experienced one or more HIPAA breaches involving less than 500 individuals during the calendar year 2015, the deadline for reporting those breaches to the Secretary of the U.S. Department of...more
In November 2015, the Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) released its investigative plans for fiscal year 2016 (the OIG Work Plan). The OIG Work Plan highlights more...more
On September 29, 2015, the Office of Inspector General (OIG) released two reports that reviewed the Office of Civil Rights’ (OCR) enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The...more
On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more
9/4/2015
/ Breach Notification Rule ,
Compliance ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
PHI ,
Popular ,
Privacy Policy ,
Settlement Agreements
St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more
On April 27, 2015, the U.S. Department of Health and Human Services (HHS) announced that Cornell Prescription Pharmacy (CPP), a single-location pharmacy in the Denver, Colo. metropolitan area, agreed to settle alleged HIPAA...more
On Tuesday, March 10, 2015, the U.S. Department of Health and Human Services ("HHS") announced the introduction of the Next Generation Accountable Care Organization ("ACO") Model of payment and care delivery. ACOs...more
In early November 2014, the New Jersey Department of Health (DOH) sent a letter to every physician licensed by the New Jersey Board of Medical Examiners (BME) regarding New Jersey’s statutory requirement that every surgical...more
On October 17, 2014, the Centers for Medicare and Medicaid Services (CMS) and the U.S. Department of Health and Human Services, Office of Inspector General (OIG) published in the Federal Register (79 FR 62356 et seq) a notice...more
There are two important updates with respect to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). First, on September 17, 2014, the U.S. Department of Health and Human Services (HHS) issued guidance to...more
On June 11, 2014, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued two reports to Congress summarizing activities in calendar years 2011 and 2012. The Annual Report to Congress on...more
On March 28, 2014, the U.S. Department of Health and Human Services (“HHS”) announced the release of a security risk assessment (“SRA”) tool to assist small- to mid-sized providers in conducting risk assessments of their...more
In the December 27, 2013 edition of the Federal Register, the Office of Inspector General (“OIG”) and Centers for Medicare and Medicaid Services (“CMS”), both within the U.S. Department of Health and Human Services (“HHS”),...more
One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more
The federal government invests significant resources in combating health care fraud and abuse. The U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) recently released its Strategic Plan...more
On July 8, 2013, WellPoint, Inc., a managed care company (“WellPoint”), agreed to pay a $1.7 million fine to settle a self-reported breach of HIPAA, a key federal health privacy law, that led to the unauthorized disclosure of...more
In June 2013, the Department of Health and Human Services, Office of Investigator General (OIG) published a review of its audit of an outpatient therapy services provider. The OIG concluded that the outpatient therapy...more
Physician-owned distributorships continue to attract federal scrutiny. A new OIG Alert highlights health care transactions that make these distributorships vulnerable to enforcement activity.
...more
On October 30, 2012, the Office of Inspector General, Department of Health and Human Services ("OIG") posted an Advisory Opinion stating it would not challenge an arrangement in which a non-profit hospital pays per diem...more