Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

OCR’s Proposed Rule Finds Fertile Ground for Enhanced Reproductive Privacy Protection

The Department of Health and Human Services Office for Civil Rights (OCR) issued a proposed rule on April 17, 2023, to amend provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to strengthen privacy protections for individuals’ protected health information (PHI) related to reproductive healthcare (the Proposed Rule). The Proposed Rule would … Continue Reading

All Good Things Must Come to an End: The Expiration of OCR’s Enforcement Discretion

On April 11, 2023, the Department of Health and Human Services’ Office for Civil Rights (OCR) confirmed that four notifications of enforcement discretion regarding enforcement of the HIPAA Privacy, Security, and Breach Notification Rules (the HIPAA rules) during the COVID-19 public health emergency (PHE) will expire at the end of the PHE.1 The notifications, which … Continue Reading

The FTC Sends Another Warning to Digital Healthcare Platforms About Use of Tracking Pixels

The Federal Trade Commission (FTC) continues to prioritize the protection of consumers’ digital health information. The agency has demonstrated this commitment through enforcement actions against GoodRx and BetterHelp for sharing consumer health information for advertising purposes (see our blog posts on each respective action here and here), and in a post published by the FTC … Continue Reading

FTC Cracks Down on BetterHelp’s Sharing of Health Information for Advertising 

Following its February settlement with GoodRx, the Federal Trade Commission (FTC) has fired another shot across the bow in its ongoing campaign to protect consumers’ digital health information. Earlier this month the FTC announced a consent order with BetterHelp, Inc., an online mental health counseling service, to resolve alleged violations of the Federal Trade Commission … Continue Reading

Healthcare Providers: Add OCR’s Latest Right of Access Settlements to Your Summer Reading List

The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and Accountability Act (“HIPAA”) Right of Access Initiative. These settlements remind providers that, as OCR Director Lisa J. Pino stated, “OCR is … Continue Reading

OCR Releases Guidance on HIPAA Compliance When Providing Audio-Only Telehealth

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) recently released new guidance (the “Guidance”) to help ensure that individuals may continue to benefit from audio-only telehealth services and clarify for health care providers and health plans how they can provide such services while complying with the HIPAA Privacy, Security, … Continue Reading

Must Watch Summer Viewing Coming Soon: OCR’s Upcoming Video Presentation on the HITECH Act’s Recognized Security Practices

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced June 10, 2022 that it is producing a video presentation on “recognized security practices” as set forth in the recent amendment of the Health Information Technology for Economic Health Act (HITECH Act) and is seeking questions from the public that … Continue Reading

Help Wanted: OCR Seeks Public Input on “Recognized Security Practices” and Sharing Settlements with Harmed Individuals Under the HITECH Act

Covered entities and business associates subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have the chance to provide input on two amendments to the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”). The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently … Continue Reading

CMS Is Here To Help Healthcare Entities Comply with Its Vaccination Rule

The Centers for Medicare and Medicaid Services (“CMS”) recently published an infographic to help Medicare and Medicaid facilities and providers determine if they or some members of their workforce are subject to the Omnibus Health Care Staff Vaccination Interim Final Rule (“Vaccine Rule”).  CMS has also issued FAQs to assist healthcare providers in assessing whether … Continue Reading

Biden Administration Unveils Long-Awaited COVID-19 Rules For Large Employers and Healthcare Workers

The wait is over for employers seeking clarity on the details of the Biden Administration’s vaccine and testing rules for private employers, first announced by President Biden in early September and now slated to take effect alongside federal contractor vaccine requirements on January 4, 2022. The first rule, issued by the Occupational Safety and Health … Continue Reading

FTC Warns Health App Vendors: Comply with the Health Breach Notification Rule or Pay the Penalty!

Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers and the Federal Trade Commission (FTC) when there is a security breach compromising health information. In response to the proliferation of health … Continue Reading

Medicare & Medicaid Facilities Are Put On Notice: Employees Must Be Vaccinated

Medicare and Medicaid certified facilities will be required to ensure that their employees are vaccinated for COVID-19, the Centers for Medicare & Medicaid Services (CMS) announced on September 9, 2021. Healthcare providers with 100 or more employees also may be subject to a forthcoming Emergency Temporary Standard (“ETS”) from the U.S. Department of Labor’s Occupational … Continue Reading

Group Health Plan Sponsors are Getting Serious About Pricing Transparency – Are You Keeping Up?

In early July, the Department of Health and Human Services (HHS), the Department of Labor (Labor), and the Department of the Treasury (Treasury) (collectively, the Departments), along with the Office of Personnel Management (OPM) released an interim final rule related to the No Surprises Act, legislation designed to protect patients from unexpected medical bills. The … Continue Reading

OIG Weighs In On COVID-19 Vaccination Incentives

The media has widely reported that several governmental, non-profit, and private organizations, including entities in the healthcare sector, are offering a variety of incentives to encourage more individuals to take the COVID-19 vaccine. While this approach may increase the number of vaccinated individuals, it can also implicate the healthcare fraud and abuse laws when Federal … Continue Reading

Ransomware Targeting Hospitals and Healthcare Providers

While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning of  “credible information … Continue Reading

CARES Act Provider Relief Funds – The Requirements Are Taxing

The Internal Revenue Service (“IRS”) recently clarified that CARES Act Provider Relief Funds (“Relief Funds”) are considered taxable income for for-profit providers, including physician practices. This news comes as a surprise as many thought such funds would be considered “qualified disaster relief payments” and therefore not includible in gross income under Section 139 of the … Continue Reading

New FBI Alert to Healthcare Providers – Beware of COVID-19 Phishing Campaigns

Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals.  Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on April 21, 2020, that they are at heightened risk for cyber attacks that use COVID-19 as bait.  The FBI’s FLASH alert follows … Continue Reading

Buyer Beware – FBI Warns of Fraud Involving Procurement of PPE and Other COVID-19 Supplies

Many employers are now making plans to have their employees return to the workplace. Based on recent alerts from the FBI, part of preparing to protect workers from COVID-19 at work should include protecting the company from falling prey to fraudsters. To do that, employers should put in place procedures to carefully screen vendors from … Continue Reading

Accepting CARES Act Relief Funds for Health Care Providers? Tell Your Compliance Department

While the CARES Act signals relief for many healthcare providers, it is important to remember that there are strings attached and reasons for providers to involve their compliance departments in the use and tracking of the CARES Act relief funds. The CARES Act promised, through the Public Health and Social Services Emergency Fund, to provide … Continue Reading

OCR COVID-19 Updates on HIPAA and Anti-Discrimination Laws

Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services. The Office of Civil Rights also issued a reminder that even during a medical emergency like the COVID-19 pandemic, all … Continue Reading

Healthcare Providers Must Remember HIPAA Before Responding to Online Reviews

The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online reviews by patients. While it is tempting to respond to a bad and perhaps untrue online review, healthcare providers need … Continue Reading

On-Line Resources Help Nonprofit Organizations Prepare for Cybersecurity Threats

The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the crippling effect it could have on day-to-day operations of an organization with limited resources. A security incident can … Continue Reading

GDPR: What You Need to Know Now

It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. With an effective date of May 25, 2018, and little guidance as to how the GDPR applies to organizations that do not have a physical presence in the EU or do … Continue Reading

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread … Continue Reading
LexBlog