Earlier this week, HHS announced that it had reached a settlement agreement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. in the amount of $1.5 million, relating to a breach report submitted by MEEI. The report, as required by the HIPAA Breach Notification Rule, was made after the theft of an unencrypted personal laptop containing electronic protected health information (ePHI) of patients and research subjects.
On April 17, 2012, the U.S. Department of Health and Human Services announced that Phoenix Cardiac Surgery, P.C. agreed to a $100,000 settlement for the covered entity's continuing failure to comply with the HIPAA Privacy and Security Rules. (HHS Press Release) The settlement also requires the implementation of an extensive corrective action plan to bring the covered entity into compliance with the HIPAA Privacy and Security Rules. The settlement came about after an investigation by the HHS Office for Civil Rights in response to a report it received related to the covered entity’s practice of posting protected health information on an Internet-based calendar accessible by the public.
Frank Carsonie, Chair of our Health Care Practice Group, co-authored the article Reducing Risk in the Electronic Implementation of Electronic Records Systems: Practical Considerations and Benefits of a Risk Assessment in the March 2012 issue of HIT News published by the American Health Lawyers Association. Frank co-authored the article with John DiMaggio, CEO of MCS2 Solutions, a veteran in the area of health care information technology solutions and privacy and security protections. The article provides a road map for organizations considering risk assessments for compliance with HIPAA and discusses some of the more common obstacles to completing a meaningful risk assessment and fully deploying a risk management plan.
The HIT Newsletter article* by Frank and John can be viewed here.
*Copyright 2012 American Health Lawyers Association, Washington, DC. Reprint permission granted.
Health care providers enter into agreements with vendors on a daily basis. Providers have agreements with suppliers for items and services, such as durable medical equipment, medical supplies, EKG/Holter monitoring services and pharmaceuticals. Providers also have agreements with ancillary providers, like rehabilitation therapists, audiologists, psychologists, wound care professionals, and others.
Entering into and working with these types of agreements and arrangements can and does become a routine function of any provider. Often when providers treat these agreements as a routine day-to-day function, important compliance and business-related concerns can get overlooked. An important element of the compliance function of any provider organization should be a periodic review of its vendor agreements and arrangements.