Elizabeth F. Hodge

Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

New OIG Special Fraud Alert Aimed at Laboratory Payments to Referring Physicians

On June 25, 2014, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a Special Fraud Alert entitled “Laboratory Payments to Referring Physicians.” While the Alert breaks no new ground (see, e.g., its 1994 Special Fraud Alert), it demonstrates the OIG’s continuing concerns about clinical laboratories’ offering inducements to referring physicians.

The … Continue Reading

Patient Records: Increasing Exposure for Privacy Breaches

Healthcare providers and businesses that store or process protected health information (“PHI”) face increased scrutiny and significant fines for data privacy breaches and security lapses in the coming months. In the past 12 months, the U.S. Department for Health and Human Services Office for Civil Rights (“OCR”) has recovered more than $10 million in fines for alleged violations of HIPAA. … Continue Reading

The Downside to Sharing – Two Hospitals to Pay Largest HIPAA Fine Yet

On May 7, 2014, the U.S. Department of Health and Human Services Office for Civil Rights  (“OCR”) announced the largest settlement to date under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  New York and Presbyterian Hospital (“NYP”) and Columbia University (“Columbia”) agreed to pay $4.8 million and enter into resolution agreements as the result of a breach … Continue Reading

The Government is Here to Help: HHS Releases HIPAA Security Risk Assessment Tool for Small Providers

The U.S. Department of Health and Human Services (“HHS”) has just released a new security risk assessment (“SRA”) tool to assist small and medium sized health care practices (one to ten providers) conduct a HIPAA risk assessment of their organization.

The HIPAA Security Rule requires that all health care organizations that are HIPAA covered entities or business associates must conduct … Continue Reading

CMS Now Requiring Qualified Health Plans to Accept Premium Payments from Certain Third Parties

As previously reported on November 13, 2013 and February 20, 2014, the Centers for Medicare and Medicaid Services (“CMS”) has attempted to provide guidance as to when it is appropriate for issuers of “qualified health plans” (“QHPs”) to accept third parties premium payments on behalf of individuals.

On March 19, 2014, CMS reinforced its February 7, 2014 guidance by … Continue Reading

Unique Data Breach Settlement – A Sign of Things to Come?

A judge in the United States District Court for the Southern District of Florida has approved a $3 million data breach class action settlement agreement between AvMed, Inc. and plaintiffs. The settlement arises out of a December 2009 theft of unencrypted laptops containing the personal information of individuals who received  healthcare coverage through AvMed and for the first time permits … Continue Reading

35 Days and Counting – R.I.P. Windows XP

Effective April 9, 2014, Microsoft will no longer provide technical support or security updates for the Windows XP operating system. According to Microsoft, personal computers running Windows XP after April 8, 2014 should not be considered to be protected.

This announcement means that covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) … Continue Reading

HHS Allows Third-Party Premium Payments by Tribes and Non-Profits

We previously reported that the U.S. Department of Health and Human Services (“HHS”) has discouraged hospitals and other third parties from paying patients’ premiums or cost-sharing. HHS stated in its November 4, 2013 FAQ that it “has significant concerns with this practice because it could skew the insurance risk pool and create an unlevel field in the Marketplaces.” In other … Continue Reading

New Privacy Rule Gives Patients Right to Access Lab Test Reports

On February 6, 2014, the Centers for Medicare and Medicaid Services (CMS) and the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a final rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to provide individuals the right to access … Continue Reading

Accretive Health Data Breach Leads to Twenty-Year Settlement with the FTC

On December 31, 2013, the Federal Trade Commission (“FTC”) announced that Accretive Health, Inc., (“Accretive”) agreed to settle charges that the company’s inadequate data security measures exposed sensitive consumer information to the risk of theft or misuse. Accretive provides medical billing and revenue management services to hospitals around the country. Accretive experienced a data breach in 2011 when one of … Continue Reading

“Meaningful” Errors Require Hospital System to Refund $31M

In what is reported to be the largest repayment to date involving “meaningful use” incentive payments, Naples, Florida-based Health Management Associates, Inc. (“HMA”), with 71 inpatient facilities in 15 states, including Florida, recently voluntarily notified the Centers for Medicare and Medicaid Services (“CMS”) that it erroneously certified its electronic health record (“EHR”) technology in the amount of $31 million dollars. … Continue Reading

It’s Never too Late to Give Guidance: OCR Starts Releasing HIPAA Omnibus Rule Guidance in Anticipation of September 23 Compliance Deadline

This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR).  It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the “Final Rule”) in advance of the September 23, 2013 compliance date.  The guidance includes:

1. Model Notices of Privacy Practices

A significant provision of the

Continue Reading

EHR Meaningful Use Audits Come to Florida

As previously reported, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) plans to audit healthcare providers that received incentive payments to adopt electronic health record (EHR) technology.

We have now received reports confirming that certain provider entities have been audited in Florida regarding these EHR incentive payments.  The OIG targets payments made … Continue Reading

HIPAA Update- A Mixed Bag for Covered Entities

System Upgrade? On July 11, 2013, the Department of Health and Human Services Office of Civil Rights (OCR) announced that it had reached a $1.7 million settlement with managed-care company Wellpoint, Inc., to resolve “potential” violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  The settlement arises out of a computer system upgrade that left … Continue Reading

Tuomey Standing Firm in Face of “Stark” Penalties

The next round in United States ex. rel. Drakeford v. Tuomey Healthcare System, Inc., is underway and Tuomey Healthcare keeps fighting.  As previously reported, on May 8, 2013, a federal jury found that Tuomey Healthcare System, a non-profit system in South Carolina, violated the Stark law and the False Claims Act in connection with its compensation structure for … Continue Reading

Second Time Around Tuomey Healthcare System is Found to Have Violated Stark Law and False Claims Act; Faces Penalties of up to $357 Million

In the ongoing saga of U.S. ex. rel. Drakeford v. Tuomey Healthcare System, Inc., on May 8, 2013, a South Carolina jury found that Tuomey violated the Stark Law and the False Claims Act.  The jury determined that Tuomey submitted over 21,000 improper claims, totaling $39 million. When penalties and treble damages of up to $11,000 per claim are … Continue Reading

Move to Amend HIPAA Privacy Rule to Allow Firearm Background Check Reporting

The Department of Health and Human Services Office for Civil Rights (OCR) recently announced via an Advance Notice of Proposed Rulemaking (ANPRM) that it is considering amending the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule. The proposed amendment would expressly permit covered entities holding information about the identities of individuals who are prohibited under federal law … Continue Reading

Healthcare Providers (and Business Associates) Beware: Plaintiffs Using Novel Theories When Suing for Breaches of Protected Health Information

Healthcare providers, other covered entities under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and now HIPAA business associates, should be aware that patients who believe that their protected health information (PHI) has been improperly accessed are suing those required to protect the privacy and security of PHI based on some novel legal theories. HIPAA does not provide … Continue Reading

New OIG Special Fraud Alert Declares PODs To Be “Inherently Suspect”

On March 26, 2013, the Department of Health and Human Services Office of Inspector General (OIG) issued a Special Fraud Alert advising that the OIG considers physician-owned distributorships (“PODs”) as “inherently suspect” under the federal Anti-Kickback Statute. In the strongly worded guidance, the OIG defines PODs as physician-owned entities that sell or arrange for the sale of implantable medical devices … Continue Reading

11th Circuit Issues Cautionary Opinion for Transactional Lawyers

The recent case of St. Joseph Hospital, Augusta, Georgia, Inc. v. Health Management Associates, Inc., Case No. 11-13069 (decided January 24, 2013), is a warning for transactional lawyers to be careful how they describe a transaction in pre-closing filings with government agencies. St. Joseph Hospital (now known as Trinity Hospital of Augusta) sued HMA for breach of contract and … Continue Reading

Florida Physician to Pay $26.1 Million to Settle False Claims Allegations

On February 11, 2013, the U.S. Department of Justice (DOJ) announced the largest settlement ever reached with an individual under the False Claims Act (FCA) in the United States District Court for the Middle District of Florida. The settlement is also one of the largest with an individual under the FCA in U.S. history. According the Notice of Settlement filed … Continue Reading

HIPAA Omnibus Final Rule Changes the Game for Business Associates

On January 25, 2013, the Department of Health and Human Services/Office for Civil Rights (HHS/OCR) published in the Federal Register (78 Fed. Reg. 5566) the long-awaited final rule titled Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to Continue Reading

LexBlog