Category Archives: Patient Privacy

HIPAA Violation Carries Jail Time

A former Florida nursing assistant pleaded guilty to wrongfully disclosing protected health information of residents in an assisted living facility. Denetria Barnes and Jakiel Bazart stole HIPAA protected records and sold the individual’s names, birth dates and social security numbers. An undercover sting with the cooperation of a number of law enforcement agencies caught the pair attempting to sell information for approximately 400 individuals for $15,000. A Florida district court judge has ordered restitution of $12,000, a sentence of 37 months in prison followed by 3 years of supervised release.

More information can be found at the US Department of Justice website http://www.justice.gov.

Cameras, Citations and Abuse Investigations – Caring for the Ages Article

Covert video monitoring of care in long-term care facilities is becoming more and more pervasive.  As a result, regulatory citations and investigations that are initiated by covert video monitoring are on the rise.

Janet Feldkamp discusses these issues in a recent article entitled “Cameras, Citations and Abuse Investigations” which appeared in the September 11, 2013 edition of Caring for the Ages.

You can find a copy of Janet’s article  here —>  Cameras, Citations and Abuse Investigations

HITECH Compliance Deadline for Protected Health Information is Almost Here

The Health Information Technology for Economic and Clinical Health (HITECH) Act’s compliance deadline for its HIPAA amendments is just around the corner. On September 23, 2013, the Department of Health and Human Services (HHS) will require covered entities, including most health care providers, and many of their business associates to meet the new Privacy Rule, Security Rule, and Breach Notification requirements for protected health information (PHI). In preparation, covered entities and business associates should have updated policies, procedures, and business associate agreements, as well as trained employees on the new rules. Business associate agreements created, modified, or renewed on or after January 25, 2013 must be compliant by September 23, while agreements existing before January 25 that have not been subsequently renewed or modified must be compliant by September 22, 2014.  Continue reading

HHS Settles Case Regarding HIPAA Risks of ePHI on Portable Devices

Earlier this week, HHS announced that it had reached a settlement agreement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. in the amount of $1.5 million, relating to a breach report submitted by MEEI. The report, as required by the HIPAA Breach Notification Rule, was made after the theft of an unencrypted personal laptop containing electronic protected health information (ePHI) of patients and research subjects. Continue reading

HHS Announces $100,000 HIPAA Settlement with a Physician Practice

On April 17, 2012, the U.S. Department of Health and Human Services announced that Phoenix Cardiac Surgery, P.C. agreed to a $100,000 settlement for the continuing failure of the covered entity from complying with the HIPAA Privacy and Security Rules. (HHS Press Release) The settlement also included the requirement of the implementation of an extensive corrective action plan to bring the covered entity into compliance with the HIPAA Privacy and Security Rules. The settlement came about after an investigation by the HHS Office of Civil Rights in response to a report it received related to the covered entity’s practice of posting protected health information on an Internet-based calendar accessible by the public.  Continue reading

Benesch Health Care Attorney Published in AHLA’s HIT News

Frank Carsonie, Chair of our Health Care Practice Group, co-authored the article Reducing Risk in the Electronic Implementation of Electronic Records Systems: Practical Considerations and Benefits of a Risk Assessment in the March 2012 issue of HIT News published by the American Health Lawyer’s Association. Frank co-authorized the article with John DiMaggio, CEO of MCS2 Solutions, a veteran in the area of health care information technology solutions and privacy and security protections. The article provides a road map for organizations considering risk assessments for compliance with HIPAA and discusses some of the more common obstacles to completing a meaningful risk assessment and fully deploying a risk management plan.

The HIT Newsletter article* by Frank and John can be viewed here.

*Copyright 2012 American Health Lawyers Association, Washington, DC  Reprint permission granted.