Category Archives: Electronic Health Records & Medical Records

Subscribe to Electronic Health Records & Medical Records RSS Feed

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread by phishing emails. There are … Continue Reading

April Showers Bring More HIPAA Settlements

April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA violations totaling nearly $3,000,000.00 in fines. The settling parties include a wireless health services provider, a federally-qualified health center (FQHC), and a pediatric specialty provider. … Continue Reading

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption and what was described as … Continue Reading

New Tools Help Providers Become Smarter Users of Electronic Health Records Systems

Healthcare providers excel at providing care to their patients, not designing IT strategies. Even so, with the trend toward value-based payments increasing, more healthcare providers have turned to electronic health records (EHR) systems to help them fine-tune practice efficiency and improve patient outcomes.

The EHR management systems options from which to choose can be dizzying, yet few decisions have so … Continue Reading

Not a Check-the-Box Exercise: Failure to Have Signed BAA Results in Substantial Fine

A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. (the “Clinic”) provided x-ray films … Continue Reading

Prepare for the Unexpected with Data Storage and Retrieval

Last week, a federal court in Illinois encountered another example of unexpected events causing problematic privacy and data storage implications for a healthcare company. The non-profit organization responsible for maintaining the MetroChicago Health Information Exchange (the HIE) filed suit against its information technology support contractor and the contractor’s owner to prevent the contractor’s plan to destroy all client data after … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol covers Privacy Rule, Security Rule … Continue Reading

The Silent Threats of Breaches to Medical Devices are Starting to Make Noise

The U.S. Food and Drug Administration (FDA), which is responsible for guidance on medical devices, has acknowledged that certain devices are susceptible to breaches. The FDA has identified cybersecurity vulnerabilities in medical devices that could allow unauthorized users to not only access patient information, but also to control the device. The FDA’s oversight comes at a critical time, as hospitals … Continue Reading

Evolving Litigation of Data Breach Claims

An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice leaves only a negligence claim, based on a duty to reasonably safeguard information, pending against Advocate. … Continue Reading

Can We Talk? Florida Court Rejects Latest Challenge to Med Mal Presuit Authorization Law

In the latest challenge to a Florida law designed to promote early settlement of meritorious medical malpractice claims, the Florida First District Court of Appeal recently rejected a plaintiff’s arguments that 2013 amendments to the law violated the Florida Constitution. See Weaver v. Myers, Case No. 1D14-3178 (Fla. 1st DCA July 21, 2015). The court also summarily rejected the … Continue Reading

Illinois Appellate Court Holds No Standing to Sue for Medical Information Data Breach Where Injury is Speculative

On June 2, 2015, the Second District Illinois Appellate Court affirmed the decisions of two lower courts, which had dismissed breach of privacy cases for lack of standing. The cases were consolidated for the purposes of the appeal. Both cases were brought against Advocate Health and Hospitals Corporation d/b/a Advocate Medical Group (Advocate), an Illinois network of affiliated physicians and … Continue Reading

The Top 10 Patient Safety Concerns for Healthcare Organizations in 2015

The Emergency Care Research Institute, (ECRI) Patient Safety Organization (PSO) has issued its 2015 “top 10 list” of safety concerns for multiple healthcare settings, such as hospitals, ambulatory care centers, doctor’s offices and nursing homes.[i] This year’s list is as follows:… Continue Reading

CMS Announces Enforcement of EHR Payment Adjustments in 2015

On December 17, 2014, the Centers for Medicare and Medicaid Services (“CMS”) announced that there would be reductions in Medicare reimbursement for health care providers who do not meet the CMS electronic health record (“EHR”) incentive program’s meaningful use requirements. This announcement comes in the wake of CMS’ decision in October to extend the hardship exception deadline – an exception … Continue Reading

Justice Department Continues to Target Health Care Providers with “Barrier-Free” Initiative

The Department of Justice’s recent settlement with a Chicago-based hospital system is the latest reflecting the agency’s continuing pursuit of claims against health care providers – small and large — who fail to provide adequate service to persons who are deaf or hearing-impaired. Under the settlement, Franciscan St. James Health is required to conduct disability assessments to be documented … Continue Reading

Talk Amongst Yourselves: HIPAA Does Not Preempt Florida Med Mal Presuit Authorization Law

A federal appellate court recently concluded that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not preempt a Florida law that requires aggrieved patients to authorize the release of their protected health information as a presuit condition to suing a medical provider for negligence. See Murphy v. Dulay (11th Cir. Oct. 10, 2014) (opinion available here).… Continue Reading

Florida Information Protection Act of 2014 – Florida Means Business When It Comes to Protecting Customers’ Personal Information

On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that maintain data containing personal information of individuals to safeguard and provide notice of breaches of such information. As a result, Florida now has one of, if … Continue Reading

HHS Proposes Extension of Deadline for EHR Compliance

According to the federal government, over 370,000 providers have participated in the Medicare and Medicaid Electronic Health Record (“EHR”) incentive program since its inception in 2011. However, providers nationwide continue to grapple with the challenges of complying with federal EHR requirements, and many such providers have voiced their displeasure to the federal government regarding the tight compliance timeframes. On Tuesday, … Continue Reading

Security Breach May Not be Covered by Your General Liability Policy

Data breaches are certainly not unique to the healthcare industry.  Large data breaches like the one experienced by Target stores in late 2013 seem increasingly common. Retail, financial, and other types of companies hold consumers’ financial information, but the healthcare industry also holds sensitive health information protected by HIPAA, making a data breach all the more problematic.  Especially given the … Continue Reading

Thought Leaders: These are “Turbulent,” “Transitional” Times in Healthcare

The phrase “the only constant is change itself” has rarely been so true across an entire industry. The U.S. healthcare sector is having to adjust to rapidly changing times. That whirlwind of change was discussed by industry leaders at Akerman’s recent panel event titled “Healthcare Issues for 2014: What Can You Expect?”

Panelists included Karen Zeiler, Senior Vice President of … Continue Reading

Department of Health and Human Services Office of Inspector General’s FY 2014 Work Plan Identifies Security of EHR Technology as New Focus

On January 31, 2014, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) released its annual work plan.  Not surprisingly, issues relating to Electronic Health Records (“EHRs”) continue to receive significant attention.

Pursuant to the American Recovery and Reinvestment Act of 2009, OIG received funding to evaluate whether funds received by HHS agencies and grantees … Continue Reading

Electronic Health Record (EMR) Systems – One of the Many Ways Technology is Changing Medicine

A Conversation with Brian Foster, Director of Client Solutions at CareCloud

The availability of incentive payments to providers from the Centers for Medicare and Medicaid Services (CMS) to implement electronic medical records (EMR) systems is a hot topic these days among healthcare providers. Marshall Burack, a partner in Akerman’s Healthcare Practice Group sat down with Brian Foster, director of client … Continue Reading

“Meaningful” Errors Require Hospital System to Refund $31M

In what is reported to be the largest repayment to date involving “meaningful use” incentive payments, Naples, Florida-based Health Management Associates, Inc. (“HMA”), with 71 inpatient facilities in 15 states, including Florida, recently voluntarily notified the Centers for Medicare and Medicaid Services (“CMS”) that it erroneously certified its electronic health record (“EHR”) technology in the amount of $31 million dollars. … Continue Reading

Audit Log Discovery as a Feature of the Electronic Medical Record

The increased use of electronic medical records (“EMR”) is changing not only the way physicians practice medicine but also the way discovery is conducted in medical malpractice lawsuits.  Plaintiffs’ attorneys seek to discover not only the contents of the medical records created by defendant healthcare providers, but also seek audit logs and access reports which are related to the EMR.… Continue Reading

Meaningful Use Attestation Deadline Approaching: What You Need To Know

As the end of the federal fiscal year rapidly approaches, so does the attestation deadline for hospitals participating in the Medicare Electronic Health Record (EHR) Incentive Program.

Each year, hospitals are required to show that they are “meaningfully using” their EHRs in order to receive their incentive payment and avoid any adjustment. They demonstrate such meaningful use by meeting certain … Continue Reading

LexBlog