Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

Ransomware Targeting Hospitals and Healthcare Providers

By Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems
While fighting a surge of new coronavirus infections in many parts of the country, healthcare providers must also be prepared to defend against ransomware. On October 28, 2020, the FBI, the U.S. Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert warning of  “credible information … Continue Reading

CARES Act Provider Relief Funds – The Requirements Are Taxing

By Elizabeth F. Hodge, Stefi George and Danielle C. Gordet on Posted in Healthcare Law, Healthcare M&A, Joint Ventures, Transactions & Health Ventures, Hospitals & Health Systems, Physicians
The Internal Revenue Service (“IRS”) recently clarified that CARES Act Provider Relief Funds (“Relief Funds”) are considered taxable income for for-profit providers, including physician practices. This news comes as a surprise as many thought such funds would be considered “qualified disaster relief payments” and therefore not includible in gross income under Section 139 of the … Continue Reading

New FBI Alert to Healthcare Providers – Beware of COVID-19 Phishing Campaigns

By Elizabeth F. Hodge and Christy S. Hawkins on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Technology
Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals.  Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on April 21, 2020, that they are at heightened risk for cyber attacks that use COVID-19 as bait.  The FBI’s FLASH alert follows … Continue Reading

Buyer Beware – FBI Warns of Fraud Involving Procurement of PPE and Other COVID-19 Supplies

By Elizabeth F. Hodge on Posted in Fraud & Abuse & False Claims Act, Government Affairs, Licensure & Regulatory, Healthcare Law, Hospitals & Health Systems
Many employers are now making plans to have their employees return to the workplace. Based on recent alerts from the FBI, part of preparing to protect workers from COVID-19 at work should include protecting the company from falling prey to fraudsters. To do that, employers should put in place procedures to carefully screen vendors from … Continue Reading

Accepting CARES Act Relief Funds for Health Care Providers? Tell Your Compliance Department

By Elizabeth F. Hodge and Danielle C. Gordet on Posted in Healthcare Law, Healthcare Litigation, Hospitals & Health Systems, Physicians
While the CARES Act signals relief for many healthcare providers, it is important to remember that there are strings attached and reasons for providers to involve their compliance departments in the use and tracking of the CARES Act relief funds. The CARES Act promised, through the Public Health and Social Services Emergency Fund, to provide … Continue Reading

OCR COVID-19 Updates on HIPAA and Anti-Discrimination Laws

By Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
Hospitals will have a limited waiver of HIPAA sanctions and penalties during the COVID-19 outbreak as a result of a bulletin issued on March 16, 2020 by the U.S. Department of Health and Human Services. The Office of Civil Rights also issued a reminder that even during a medical emergency like the COVID-19 pandemic, all … Continue Reading

Healthcare Providers Must Remember HIPAA Before Responding to Online Reviews

By Elizabeth F. Hodge on Posted in Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online reviews by patients. While it is tempting to respond to a bad and perhaps untrue online review, healthcare providers need … Continue Reading

On-Line Resources Help Nonprofit Organizations Prepare for Cybersecurity Threats

By Elizabeth F. Hodge and Paul L. Kobak on Posted in Tax Exempt
The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the crippling effect it could have on day-to-day operations of an organization with limited resources. A security incident can … Continue Reading

GDPR: What You Need to Know Now

By Elizabeth F. Hodge and Robert E. Slavkin on Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Hospitals & Health Systems, Technology
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. With an effective date of May 25, 2018, and little guidance as to how the GDPR applies to organizations that do not have a physical presence in the EU or do … Continue Reading

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

By Elizabeth F. Hodge on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread … Continue Reading

April Showers Bring More HIPAA Settlements

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA violations totaling nearly $3,000,000.00 in fines. The settling parties include a wireless health services provider, a federally-qualified health center (FQHC), and … Continue Reading

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption … Continue Reading

HIPAA Audits – Phase 2: On-Site Audits Scheduled for First Quarter of 2017

By Steven Grigas and Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has announced that a certain number of comprehensive on-site HIPAA compliance reviews will be done over the first … Continue Reading

Best Practices for Safeguarding Protected Health Information in Inclement Weather

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security
As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is in paper form. Certainly, HIPAA requires covered entities and business associates to protect and secure PHI at all times. However, healthcare providers that … Continue Reading

Illinois’ Largest Health System Agrees to Stringent HIPAA Breach Settlement

By Elizabeth F. Hodge, Jane K. McCahill and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems
The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a non-profit medical group of more than 1,500 physicians in Illinois (the System or Advocate). The System agreed to adopt a corrective … Continue Reading

Breach or No Breach – OCR Weighs in on Ransomware

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released its much-anticipated guidance on ransomware (OCR Ransomware Guidance) this week in response to a number of highly publicized attacks targeting the healthcare sector. Ransomware is a type of malicious software that encrypts data, making it inaccessible until the data owner … Continue Reading

Business Associates Beware! OCR Is Coming For You

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in HIPAA, Privacy, and Data Security
Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first HIPAA settlement involving a business associate. Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a nonprofit organization that provides management and information technology services to six wholly-owned skilled nursing facilities, agreed to pay $650,000 and enter … Continue Reading

Lights, Camera, Settlement: OCR says a picture is worth $2.2 million

By Carolyn V. Metnick, Elizabeth F. Hodge and Jason Betke on Posted in Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
A New York hospital has settled with the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) for $2.2 million after allowing a TV crew for the ABC documentary series “NY Med” to film patients receiving medical treatment without obtaining prior authorization from the patients or their representatives. The estate of one … Continue Reading

Not a Check-the-Box Exercise: Failure to Have Signed BAA Results in Substantial Fine

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Technology
Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading

Phase 2 of HIPAA Audits Is Underway – Covered Entities and Business Associates Beware

By Carolyn V. Metnick and Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) recently announced that it has started obtaining and verifying entity contact information to identify covered entities and business associates for potential audit subject pools for the 2016 Phase 2 HIPAA Audit Program. In Phase 2, OCR will review the policies and procedures … Continue Reading

OCR Issues New Guidance on “Reasonable and Cost-Based” Fees Associated with Medical Record Copying and Access

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in HIPAA, Privacy, and Data Security
On February 25, 2016, the Office of Civil Rights (OCR) released a set of FAQs directed at healthcare providers and plans that are required to comply with the HIPAA Privacy Rule (the Privacy Rule). The guidance emphasizes that any fees charged for access to or copies of patient information must be “reasonable and cost-based” and … Continue Reading

New CMS rule clarifies when 60-day overpayment clock starts ticking

By Jane K. McCahill, Elizabeth F. Hodge and Michael P. Gennett on Posted in Affordable Care Act and Other Healthcare Reform Legislation, Fraud & Abuse & False Claims Act, Medicare & Medicaid
Four years after publication of its proposed rule related to reporting and returning overpayments within 60 days, CMS has issued a final rule that responds to comments and provides greater clarity. The published rule is under the Affordable Care Act requirement that providers report Medicare and Medicaid overpayments and return the overpayment within 60 days … Continue Reading

HIPAA Privacy Rule Now Permits Reporting for Firearms Background Checks

By Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security
On January 4, 2016, the U.S. Department of Health and Human Services (HHS) issued a final rule that modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. This modification expressly allows certain covered entities to disclose to the National Instant Criminal Background Check System (NICS), without consent, the identities of individuals … Continue Reading
LexBlog