Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption and what was described as … Continue Reading
Healthcare providers excel at providing care to their patients, not designing IT strategies. Even so, with the trend toward value-based payments increasing, more healthcare providers have turned to electronic health records (EHR) systems to help them fine-tune practice efficiency and improve patient outcomes.
The EHR management systems options from which to choose can be dizzying, yet few decisions have so … Continue Reading
A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. (the “Clinic”) provided x-ray films … Continue Reading
Last week, a federal court in Illinois encountered another example of unexpected events causing problematic privacy and data storage implications for a healthcare company. The non-profit organization responsible for maintaining the MetroChicago Health Information Exchange (the HIE) filed suit against its information technology support contractor and the contractor’s owner to prevent the contractor’s plan to destroy all client data after … Continue Reading
Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol covers Privacy Rule, Security Rule … Continue Reading
The U.S. Food and Drug Administration (FDA), which is responsible for guidance on medical devices, has acknowledged that certain devices are susceptible to breaches. The FDA has identified cybersecurity vulnerabilities in medical devices that could allow unauthorized users to not only access patient information, but also to control the device. The FDA’s oversight comes at a critical time, as hospitals … Continue Reading
An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice leaves only a negligence claim, based on a duty to reasonably safeguard information, pending against Advocate. … Continue Reading
In the latest challenge to a Florida law designed to promote early settlement of meritorious medical malpractice claims, the Florida First District Court of Appeal recently rejected a plaintiff’s arguments that 2013 amendments to the law violated the Florida Constitution. See Weaver v. Myers, Case No. 1D14-3178 (Fla. 1st DCA July 21, 2015). The court also summarily rejected the … Continue Reading
On June 2, 2015, the Second District Illinois Appellate Court affirmed the decisions of two lower courts, which had dismissed breach of privacy cases for lack of standing. The cases were consolidated for the purposes of the appeal. Both cases were brought against Advocate Health and Hospitals Corporation d/b/a Advocate Medical Group (Advocate), an Illinois network of affiliated physicians and … Continue Reading
The Emergency Care Research Institute, (ECRI) Patient Safety Organization (PSO) has issued its 2015 “top 10 list” of safety concerns for multiple healthcare settings, such as hospitals, ambulatory care centers, doctor’s offices and nursing homes.[i] This year’s list is as follows:… Continue Reading
On December 17, 2014, the Centers for Medicare and Medicaid Services (“CMS”) announced that there would be reductions in Medicare reimbursement for health care providers who do not meet the CMS electronic health record (“EHR”) incentive program’s meaningful use requirements. This announcement comes in the wake of CMS’ decision in October to extend the hardship exception deadline – an exception … Continue Reading
The Department of Justice’s recent settlement with a Chicago-based hospital system is the latest reflecting the agency’s continuing pursuit of claims against health care providers – small and large — who fail to provide adequate service to persons who are deaf or hearing-impaired. Under the settlement, Franciscan St. James Health is required to conduct disability assessments to be documented … Continue Reading
A federal appellate court recently concluded that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not preempt a Florida law that requires aggrieved patients to authorize the release of their protected health information as a presuit condition to suing a medical provider for negligence. See Murphy v. Dulay (11th Cir. Oct. 10, 2014) (opinion available here).… Continue Reading
On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that maintain data containing personal information of individuals to safeguard and provide notice of breaches of such information. As a result, Florida now has one of, if … Continue Reading
According to the federal government, over 370,000 providers have participated in the Medicare and Medicaid Electronic Health Record (“EHR”) incentive program since its inception in 2011. However, providers nationwide continue to grapple with the challenges of complying with federal EHR requirements, and many such providers have voiced their displeasure to the federal government regarding the tight compliance timeframes. On Tuesday, … Continue Reading
Data breaches are certainly not unique to the healthcare industry. Large data breaches like the one experienced by Target stores in late 2013 seem increasingly common. Retail, financial, and other types of companies hold consumers’ financial information, but the healthcare industry also holds sensitive health information protected by HIPAA, making a data breach all the more problematic. Especially given the … Continue Reading
The phrase “the only constant is change itself” has rarely been so true across an entire industry. The U.S. healthcare sector is having to adjust to rapidly changing times. That whirlwind of change was discussed by industry leaders at Akerman’s recent panel event titled “Healthcare Issues for 2014: What Can You Expect?”
Panelists included Karen Zeiler, Senior Vice President of … Continue Reading
On January 31, 2014, the U.S. Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) released its annual work plan. Not surprisingly, issues relating to Electronic Health Records (“EHRs”) continue to receive significant attention.
Pursuant to the American Recovery and Reinvestment Act of 2009, OIG received funding to evaluate whether funds received by HHS agencies and grantees … Continue Reading
A Conversation with Brian Foster, Director of Client Solutions at CareCloud
In what is reported to be the largest repayment to date involving “meaningful use” incentive payments, Naples, Florida-based Health Management Associates, Inc. (“HMA”), with 71 inpatient facilities in 15 states, including Florida, recently voluntarily notified the Centers for Medicare and Medicaid Services (“CMS”) that it erroneously certified its electronic health record (“EHR”) technology in the amount of $31 million dollars. … Continue Reading
The increased use of electronic medical records (“EMR”) is changing not only the way physicians practice medicine but also the way discovery is conducted in medical malpractice lawsuits. Plaintiffs’ attorneys seek to discover not only the contents of the medical records created by defendant healthcare providers, but also seek audit logs and access reports which are related to the EMR.… Continue Reading
As the end of the federal fiscal year rapidly approaches, so does the attestation deadline for hospitals participating in the Medicare Electronic Health Record (EHR) Incentive Program.
Each year, hospitals are required to show that they are “meaningfully using” their EHRs in order to receive their incentive payment and avoid any adjustment. They demonstrate such meaningful use by meeting certain … Continue Reading
As previously reported, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) plans to audit healthcare providers that received incentive payments to adopt electronic health record (EHR) technology.
We have now received reports confirming that certain provider entities have been audited in Florida regarding these EHR incentive payments. The OIG targets payments made … Continue Reading
Stanford University Hospital recently reported that its patients’ unencrypted protected health information (PHI) was compromised when a laptop was stolen from the hospital. This should have healthcare organizations evaluating and enhancing efforts to secure patient information. These incidents can form the basis for class action lawsuits, even though the Health Insurance Portability and Accountability Act of 1996 (HIPAA) does not … Continue Reading