Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more
On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more
7/12/2016
/ Breach Notification Rule ,
Covered Entities ,
Cyber Attacks ,
Data Breach ,
Employee Training ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Hospitals ,
New Guidance ,
OCR ,
PHI ,
Ransomware ,
Security Risk Assessments
Last Friday afternoon CMS released its eagerly anticipated final rule (the Final Rule) implementing the Protecting Access to Medicare Act of 2014 (PAMA), which, together with the Final Rule, will make sweeping changes to the...more
Covered Entities need to continue to check their inboxes for emails from the HHS Office for Civil Rights (“OCR”) requesting verification of contact information in connection with Phase 2 of the HIPAA Audit Program. OCR...more
Last week the Supreme Court heard oral argument in a False Claims Act (“FCA”) case in which the Court is considering the validity of the so-called implied false certification theory. This theory attaches FCA liability when a...more
On March 21st, the HHS Office for Civil Rights (“OCR”) officially launched Phase 2 of the HIPAA Audit Program. Covered Entities and Business Associates need to be prepared for these audits and be on the lookout for emails...more
As reported in yesterday’s Boston Globe, compared to national averages, Massachusetts physicians are less likely to receive payments or items of value from pharmaceutical companies and less likely to be heavy prescribers of...more
As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that...more
In a chain of events that should be a wake-up call to any entity using and storing critical health information, Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a malware attack...more
Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, Covered Entities should not leave medical records in a...more
As the year winds down, we look back with a mixture of nostalgia and queasiness on the major Health Insurance Portability and Accountability Act (HIPAA) events that defined 2015. Incredibly large data breaches became...more
Those wishing to comment on revisions to the Federal Policy for Protection of Human Subjects (known as the “Common Rule”) could add a 30-day comment period extension to the things they were grateful for at this year’s...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
10/30/2015
/ App Developers ,
Audits ,
Business Associates ,
Corrective Actions ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Encryption ,
Fitbit ,
Hackers ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Mobile Health Apps ,
OCR ,
OIG ,
Patient Privacy Rights ,
Personally Identifiable Information ,
PHI ,
Security Risk Assessments ,
Wearable Technology
Most health-care lawyers are accustomed to monitoring the high profile areas of regulatory enforcement in health care. However, many hospital lawyers, whether in-house or outside counsel, are unaware of the potential...more
10/23/2015
/ Centers for Medicare & Medicaid Services (CMS) ,
Certificates of Compliance ,
Civil Monetary Penalty ,
CLIA ,
Clinical Laboratory Testing ,
Department of Health and Human Services (HHS) ,
Diagnostic Tests ,
Food and Drug Administration (FDA) ,
Healthcare ,
Hospitals ,
Laboratories ,
Laboratory Developed Tests ,
Medicaid ,
Medicare ,
Sanctions
On September 25, 2015, the Centers for Medicare & Medicaid Services (CMS) announced publication of the proposed rule (the “Proposed Rule”) implementing substantial changes to the Medicare Clinical Laboratory Fee Schedule...more
9/29/2015
/ Centers for Medicare & Medicaid Services (CMS) ,
Clinical Laboratories ,
Comment Period ,
Cost-Sharing ,
Data Collection ,
Diagnostic Tests ,
Medicaid ,
Medicare ,
Medicare Part B ,
MPFS ,
PAMA ,
Proposed Regulation ,
Reimbursements ,
Reporting Requirements
After a summer that saw major data breaches at the Office of Personnel Management and UCLA Health System, this fall is a great time to take your organization back to school on HIPAA compliance and data security. Here are...more
8/27/2015
/ Business Associates ,
C-Suite Executives ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Employee Training ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Security Risk Assessments
On July 7th, the House introduced much anticipated bipartisan telehealth legislation. The Medicare Telehealth Parity Act of 2015, introduced by Representative Mike Thompson (D-CA) and co-sponsored by Representatives Gregg...more
7/14/2015
/ Centers for Medicare & Medicaid Services (CMS) ,
Health Care Providers ,
Health Insurance ,
Healthcare ,
Healthcare Reform ,
Medicaid ,
Medicare ,
Patients ,
Pending Legislation ,
Physicians ,
Telehealth ,
Telemedicine
Late last week, Texas telemedicine practitioners received a temporary reprieve from a new regulation issued by the Texas Medical Board (the “Board”) when a Texas federal court prohibited implementation of the new rule that...more
The HHS Office of the National Coordinator for Health Information Technology (“ONC”) recently released a new and improved version 2.0 of their Guide to Privacy and Security of Electronic Health Information. This revamped...more
In early April, Colorado joined multiple other states in passing a biosimilar substitution law that addresses the circumstances under which an FDA-approved interchangeable biosimilar product may be substituted for the...more
A recently announced settlement between Anchorage Community Mental Health (“ACMHS”) and the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”) emphasizes, once again, the importance of compliance with...more
On October 30, 2014, the Centers for Medicare and Medicaid Services (“CMS”) announced the procedure for applicable manufacturers and group purchasing organizations (“GPOs”) to report payment and ownership information that was...more
On October 24, 2014, the Office for Human Research Protections (OHRP) announced in the Federal Register that it has released, and is seeking comment on, its Draft Guidance on Disclosing Reasonably Foreseeable Risks in...more
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards in Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...more