Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

FTC Warns Health App Vendors: Comply with the Health Breach Notification Rule or Pay the Penalty!

Vendors of health applications (“health apps”) and connected devices that collect or use individuals’ health information, along with their service providers, are now on notice that they must provide timely notice to consumers and the Federal Trade Commission (FTC) when there is a security breach compromising health information. In response to the proliferation of health … Continue Reading

Medicare & Medicaid Facilities Are Put On Notice: Employees Must Be Vaccinated

Medicare and Medicaid certified facilities will be required to ensure that their employees are vaccinated for COVID-19, the Centers for Medicare & Medicaid Services (CMS) announced on September 9, 2021. Healthcare providers with 100 or more employees also may be subject to a forthcoming Emergency Temporary Standard (“ETS”) from the U.S. Department of Labor’s Occupational … Continue Reading

Group Health Plan Sponsors are Getting Serious About Pricing Transparency – Are You Keeping Up?

In early July, the Department of Health and Human Services (HHS), the Department of Labor (Labor), and the Department of the Treasury (Treasury) (collectively, the Departments), along with the Office of Personnel Management (OPM) released an interim final rule related to the No Surprises Act, legislation designed to protect patients from unexpected medical bills. The … Continue Reading

OIG Weighs In On COVID-19 Vaccination Incentives

The media has widely reported that several governmental, non-profit, and private organizations, including entities in the healthcare sector, are offering a variety of incentives to encourage more individuals to take the COVID-19 vaccine. While this approach may increase the number of vaccinated individuals, it can also implicate the healthcare fraud and abuse laws when Federal … Continue Reading

Ransomware Targeting Hospitals and Healthcare Providers

While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning of  “credible information … Continue Reading

CARES Act Provider Relief Funds – The Requirements Are Taxing

The Internal Revenue Service (“IRS”) recently clarified that CARES Act Provider Relief Funds (“Relief Funds”) are considered taxable income for for-profit providers, including physician practices. This news comes as a surprise as many thought such funds would be considered “qualified disaster relief payments” and therefore not includible in gross income under Section 139 of the … Continue Reading

New FBI Alert to Healthcare Providers – Beware of COVID-19 Phishing Campaigns

Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals.  Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on April 21, 2020, that they are at heightened risk for cyber attacks that use COVID-19 as bait.  The FBI’s FLASH alert follows … Continue Reading

Buyer Beware – FBI Warns of Fraud Involving Procurement of PPE and Other COVID-19 Supplies

Many employers are now making plans to have their employees return to the workplace. Based on recent alerts from the FBI, part of preparing to protect workers from COVID-19 at work should include protecting the company from falling prey to fraudsters. To do that, employers should put in place procedures to carefully screen vendors from … Continue Reading

Accepting CARES Act Relief Funds for Health Care Providers? Tell Your Compliance Department

While the CARES Act signals relief for many healthcare providers, it is important to remember that there are strings attached and reasons for providers to involve their compliance departments in the use and tracking of the CARES Act relief funds. The CARES Act promised, through the Public Health and Social Services Emergency Fund, to provide … Continue Reading

OCR COVID-19 Updates on HIPAA and Anti-Discrimination Laws

Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services. The Office of Civil Rights also issued a reminder that even during a medical emergency like the COVID-19 pandemic, all … Continue Reading

Healthcare Providers Must Remember HIPAA Before Responding to Online Reviews

The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online reviews by patients. While it is tempting to respond to a bad and perhaps untrue online review, healthcare providers need … Continue Reading

On-Line Resources Help Nonprofit Organizations Prepare for Cybersecurity Threats

The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the crippling effect it could have on day-to-day operations of an organization with limited resources. A security incident can … Continue Reading

GDPR: What You Need to Know Now

It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. With an effective date of May 25, 2018, and little guidance as to how the GDPR applies to organizations that do not have a physical presence in the EU or do … Continue Reading

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread … Continue Reading

April Showers Bring More HIPAA Settlements

April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA violations totaling nearly $3,000,000.00 in fines. The settling parties include a wireless health services provider, a federally-qualified health center (FQHC), and … Continue Reading

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption … Continue Reading

HIPAA Audits – Phase 2: On-Site Audits Scheduled for First Quarter of 2017

Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has announced that a certain number of comprehensive on-site HIPAA compliance reviews will be done over the first … Continue Reading

Best Practices for Safeguarding Protected Health Information in Inclement Weather

As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is in paper form. Certainly, HIPAA requires covered entities and business associates to protect and secure PHI at all times. However, healthcare providers that … Continue Reading

Illinois’ Largest Health System Agrees to Stringent HIPAA Breach Settlement

The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a non-profit medical group of more than 1,500 physicians in Illinois (the System or Advocate). The System agreed to adopt a corrective … Continue Reading

Breach or No Breach – OCR Weighs in on Ransomware

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released its much-anticipated guidance on ransomware (OCR Ransomware Guidance) this week in response to a number of highly publicized attacks targeting the healthcare sector. Ransomware is a type of malicious software that encrypts data, making it inaccessible until the data owner … Continue Reading

Business Associates Beware! OCR Is Coming For You

Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first HIPAA settlement involving a business associate. Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a nonprofit organization that provides management and information technology services to six wholly-owned skilled nursing facilities, agreed to pay $650,000 and enter … Continue Reading

Lights, Camera, Settlement: OCR says a picture is worth $2.2 million

A New York hospital has settled with the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) for $2.2 million after allowing a TV crew for the ABC documentary series “NY Med” to film patients receiving medical treatment without obtaining prior authorization from the patients or their representatives. The estate of one … Continue Reading

Not a Check-the-Box Exercise: Failure to Have Signed BAA Results in Substantial Fine

A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading
LexBlog