Blogs

HIPAA, HITECH and Health Information Technology Blog

William Maruca, Michael Kline and Elizabeth Litten maintain a blog on current legal and practical issues that health care providers and businesses must consider when exchanging health information, including the use of electronic health records (EHR). The HIPAA Privacy Rule and Security Rule requirements are among the legal standards that must be complied with when using EHR, as well as when sharing and exchanging health information in general. The blog also considers possible solutions for navigating the legal and other barriers to establishing an EHR system and the infrastructure for the beneficial exchange of health information.

View the HIPAA, HITECH and Health Information Technology Blog

Physician Law Blog

Todd A. Rodriguez and Edward J. Cyran maintain a blog that can be used as a resource for current legal issues and news affecting physicians and other non-institutional health care providers. Their blog provides updates on new legislation and legal issues relating to practice management, billing and coding, ancillary services, malpractice insurance, fraud and abuse developments and other important legal issues affecting physicians in their personal and professional lives.

View the Physician Law Blog

Recent Blog Posts

  • Foreshadowing HIPAA Under the New Administration: Will Transparency Trump Privacy?
    It may not come as a surprise that Congressman Tom Price, MD (R-GA), a vocal critic of the Affordable Care Act who introduced legislation to replace it last spring, was selected to serve as Secretary of the U.S. Department of Health and Human Services (HHS) in the Trump administration. What may come as a bit of a surprise is how Price’s proposed replacement bill appears to favor transparency over individual privacy when it comes to certain health care claim information. Section...
  • Office of Inspector General Work Plan Identifies Compliance Areas of Focus for Physicians
    Earlier this month, the Office of Inspector General of the Department of Health and Human Services (“OIG”), the agency charged with enforcement of key federal fraud and abuse laws, published its annual Work Plan identifying the areas of compliance concern under the Medicare program on which it will focus its review efforts in the coming year. While the Work Plan does not provide much detail in terms of why particular areas have been identified for review, it can serve as...
  • OCR Alert – HIPAA Audit Email Phishing Scam
    The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued an alert on November 28, 2016, regarding an email purporting to be from OCR. This phishing email can look like an official government email which may use fake HHS letterhead and may even appear to be signed by OCR’s Director, Jocelyn Samuels. OCR says: The email prompts recipients to click a link regarding possible inclusion in the HIPAA Privacy, Security, and Breach Rules Audit Program. The link directs individuals to a...
  • Bubble Guppies and PHI: Tips for Telecommuting Policies
    Federal enforcement agencies are increasingly focusing on HIPAA breaches which involve mishandling of PHI by telecommuters. Two recent cases illustrate the liability exposure resulting from inadequate oversight of staff working remotely. Medical equipment supplier Lincare was fined $239,800 as a result of a breach which occurred when an employee left unprotected PHI in a car in the possession of her estranged husband. An Administrative Law Judge upheld the penalty, noting that Lincare did not have policies in place requiring employees to...
  • Are You Ready for the new Medicare Quality Payment Program? (New Blog Series)
    You may have heard that a transformation of Medicare’s physician payment program is in the works. However, you may not know that the structure of the new program, called the “Quality Payment Program”, has been finalized and will begin its first reporting year on January 1, 2017. Now is the time for you and your practice to get up to speed on the new Quality Payment Program. This post is the first in a new Blog Series that we will be publishing...
  • OIG Okays Free Vaccine Dispensing System for Physician Office Use
    The Office of Inspector General (“OIG”) of the Department of Health and Human Services, generally, would have concerns about a potential or existing referral source receiving free goods or services, since these free goods and services could be used to provide unlawful payments for the referral of Federal health care program business. However, under Advisory Opinion 16-09, the OIG decided not to pursue sanctions against a company that provides computerized point-of-care storage and dispensing systems for vaccines (the “Dispensing System”)...
  • The Blindfolded Business Associate: New HHS Guidance on HIPAA & Cloud Computing
    According to the latest HIPAA-related guidance (Guidance) published by the U.S. Department of Health and Human Services (HHS), a cloud service provider (CSP) maintaining a client’s protected health information (PHI) is a business associate even when the CSP can’t access or view the PHI. In other words, even where the PHI is encrypted and the CSP lacks the decryption key, the CSP is a business associate because it maintains the PHI and, therefore, has HIPAA-related obligations with respect to the...
  • Six Tips for a Small Business to Avoid HIPAA Security Breach Headaches
    Last week, I blogged about a recent U.S. Department of Health and Human Services Office of Civil Rights (OCR) announcement on its push to investigate smaller breaches (those involving fewer than 500 individuals). The week before that, my partner and fellow blogger Michael Kline wrote about OCR’s guidance on responding to cybersecurity incidents. Today, TechRepublic Staff Writer Alison DeNisco addresses how a small or medium sized business (MSB) can deal with the heightened threat of OCR investigations or lawsuits emanating...
  • King of Nursing Homes Sentenced to 2 Years in Prison and $786,000 in Repayments and Fines
    In March 2016, we covered the conviction of Dr. Venkateswara Kuchipudi for violating the federal anti-kickback statute by referring nursing home patients to Sacred Heart Hospital (in Chicago) in exchange for kickbacks. For a summary of the case, please see our post here: “Nursing Home Fraud Scam Results in Conviction for King of Nursing Homes”. Dr. Kuchipudi was convicted of one count of conspiracy to defraud the United States and nine counts of illegally soliciting or receiving benefits in return for...
  • Small HIPAA Breaches, Big HIPAA Headaches
    What you might have thought was not a big breach (or a big deal in terms of HIPAA compliance), might end up being a big headache for covered entities and business associates. In fact, it’s probably a good idea to try to find out what “smaller” breaches your competitors are reporting (admittedly not an easy task, since the “Wall of Shame” only details breaches affecting the protected health information (PHI) of 500 or more individuals). Subscribers to the U.S. Department of...
  • Eight Tips to Confront the New Initiative by HHS on PHI Security
    In a recent Guidance, the Office of Civil Rights of the U.S. Department of Health and Human Services (“OCR”) appears to have attempted to reverse an impression that its emphasis is more on privacy of protected health information (“PHI”) than on security of PHI. Its July 2016 article draws attention to the need by covered entities and business associates for equal attention to PHI security. Relative to this OCR initiative, our partner Elizabeth Litten and I were recently featured again by our good...
  • Happy HIPAA 20th Birthday!
    Co-authored by Elizabeth G. Litten and Michael J. Kline. HIPAA turns 20 today. A lot has changed in the two decades since its enactment. When HIPAA was signed into law by President Bill Clinton on August 21, 1996, DVDs had just come out in Japan, most people used personal computers solely for word processing, the internet domain myspace.com had just come online, Apple stock was at a ten-year low, and Microsoft Windows CE 1.0 would soon be released (in November of...
  • Does Your Practice Have a Leadership Succession Plan?
    Many medical groups have difficulty developing a succession plan for practice leadership. Some practices do not even have a formal governance structure in place (though they should), but even those that do may find it challenging to identify and train new leaders to assume responsibility when senior physician leaders step down. Having a leadership succession plan in place is critical for a number of reasons. In practices where leadership is handled by one physician or concentrated in a small...
  • Nine Tips for Avoiding HIPAA Breaches When Responding to Widespread Healthcare Emergencies
    The aftermath of the Orlando nightclub tragedy has led to much discussion about ways that healthcare providers can and should deal with compliance with health information privacy requirements in the face of disasters that injure or sicken many individuals in a limited time frame. One aspect is the pressure to treat patients while simultaneously fulfilling the need to supply current and relevant information to family, friends and the media about patient status without breaching HIPAA by improperly disclosing protected health information...
  • Is Your Facility a PokéStop? (A what?)
    Are strangers wandering around your health care facility with their noses buried in their smartphones? And if so, what should you do about it? They’re playing Pokémon GO, a location-based augmented reality mobile game that was released for iOS and Android devices on July 6, 2016. Its popularity exceeded all expectations (my kids are probably playing it right now). The game’s objective requires players to search in real-world locations for icons that appear on a GPS-like virtual map. The icons may...