Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

On-Line Resources Help Nonprofit Organizations Prepare for Cybersecurity Threats

By Elizabeth F. Hodge and Paul L. Kobak on Posted in Tax Exempt
The effects of a data breach can be disastrous for any company, but especially for a nonprofit organization, not only because of the harm to the affected individuals, including those served by the organization, but also the crippling effect it could have on day-to-day operations of an organization with limited resources. A security incident can … Continue Reading

GDPR: What You Need to Know Now

By Elizabeth F. Hodge and Robert E. Slavkin on Posted in Health Insurers & Managed Care Organizations, Healthcare Law, Hospitals & Health Systems, Technology
It is safe to say that there has been much fear and confusion over the European Union (EU) General Data Protection Rule, or GDPR. With an effective date of May 25, 2018, and little guidance as to how the GDPR applies to organizations that do not have a physical presence in the EU or do … Continue Reading

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

By Elizabeth F. Hodge on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread … Continue Reading

April Showers Bring More HIPAA Settlements

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA violations totaling nearly $3,000,000.00 in fines. The settling parties include a wireless health services provider, a federally-qualified health center (FQHC), and … Continue Reading

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption … Continue Reading

HIPAA Audits – Phase 2: On-Site Audits Scheduled for First Quarter of 2017

By Steven Grigas and Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has announced that a certain number of comprehensive on-site HIPAA compliance reviews will be done over the first … Continue Reading

Best Practices for Safeguarding Protected Health Information in Inclement Weather

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security
As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is in paper form. Certainly, HIPAA requires covered entities and business associates to protect and secure PHI at all times. However, healthcare providers that … Continue Reading

Illinois’ Largest Health System Agrees to Stringent HIPAA Breach Settlement

By Elizabeth F. Hodge, Jane K. McCahill and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security, Hospitals & Health Systems
The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a non-profit medical group of more than 1,500 physicians in Illinois (the System or Advocate). The System agreed to adopt a corrective … Continue Reading

Breach or No Breach – OCR Weighs in on Ransomware

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released its much-anticipated guidance on ransomware (OCR Ransomware Guidance) this week in response to a number of highly publicized attacks targeting the healthcare sector. Ransomware is a type of malicious software that encrypts data, making it inaccessible until the data owner … Continue Reading

Business Associates Beware! OCR Is Coming For You

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in HIPAA, Privacy, and Data Security
Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first HIPAA settlement involving a business associate. Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a nonprofit organization that provides management and information technology services to six wholly-owned skilled nursing facilities, agreed to pay $650,000 and enter … Continue Reading

Lights, Camera, Settlement: OCR says a picture is worth $2.2 million

By Carolyn V. Metnick, Elizabeth F. Hodge and Jason Betke on Posted in Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
A New York hospital has settled with the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) for $2.2 million after allowing a TV crew for the ABC documentary series “NY Med” to film patients receiving medical treatment without obtaining prior authorization from the patients or their representatives. The estate of one … Continue Reading

Not a Check-the-Box Exercise: Failure to Have Signed BAA Results in Substantial Fine

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in Electronic Health Records & Medical Records, HIPAA, Privacy, and Data Security, Hospitals & Health Systems
A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

By Elizabeth F. Hodge and Carolyn V. Metnick on Posted in Electronic Health Records & Medical Records, Healthcare Law, HIPAA, Privacy, and Data Security, Hospitals & Health Systems, Physicians, Technology
Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading

Phase 2 of HIPAA Audits Is Underway – Covered Entities and Business Associates Beware

By Carolyn V. Metnick and Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) recently announced that it has started obtaining and verifying entity contact information to identify covered entities and business associates for potential audit subject pools for the 2016 Phase 2 HIPAA Audit Program. In Phase 2, OCR will review the policies and procedures … Continue Reading

OCR Issues New Guidance on “Reasonable and Cost-Based” Fees Associated with Medical Record Copying and Access

By Carolyn V. Metnick, Elizabeth F. Hodge and Stacey L. Callaghan on Posted in HIPAA, Privacy, and Data Security
On February 25, 2016, the Office of Civil Rights (OCR) released a set of FAQs directed at healthcare providers and plans that are required to comply with the HIPAA Privacy Rule (the Privacy Rule). The guidance emphasizes that any fees charged for access to or copies of patient information must be “reasonable and cost-based” and … Continue Reading

New CMS rule clarifies when 60-day overpayment clock starts ticking

By Jane K. McCahill, Elizabeth F. Hodge and Michael P. Gennett on Posted in Affordable Care Act and Other Healthcare Reform Legislation, Fraud & Abuse & False Claims Act, Medicare & Medicaid
Four years after publication of its proposed rule related to reporting and returning overpayments within 60 days, CMS has issued a final rule that responds to comments and provides greater clarity. The published rule is under the Affordable Care Act requirement that providers report Medicare and Medicaid overpayments and return the overpayment within 60 days … Continue Reading

HIPAA Privacy Rule Now Permits Reporting for Firearms Background Checks

By Elizabeth F. Hodge on Posted in HIPAA, Privacy, and Data Security
On January 4, 2016, the U.S. Department of Health and Human Services (HHS) issued a final rule that modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. This modification expressly allows certain covered entities to disclose to the National Instant Criminal Background Check System (NICS), without consent, the identities of individuals … Continue Reading

Medical Devices And Risks Of Unauthorized Disclosure Of Protected Health Information

By Elizabeth F. Hodge and Thomas A. Range on Posted in HIPAA, Privacy, and Data Security
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) kicked off the holiday season by publishing a settlement agreement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) relating to the theft of an unencrypted laptop from a hospital. Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital … Continue Reading

Can We Talk? Florida Court Rejects Latest Challenge to Med Mal Presuit Authorization Law

By Elizabeth F. Hodge and Thomas A. Range on Posted in Electronic Health Records & Medical Records, Healthcare Law, Healthcare Litigation, HIPAA, Privacy, and Data Security
In the latest challenge to a Florida law designed to promote early settlement of meritorious medical malpractice claims, the Florida First District Court of Appeal recently rejected a plaintiff’s arguments that 2013 amendments to the law violated the Florida Constitution. See Weaver v. Myers, Case No. 1D14-3178 (Fla. 1st DCA July 21, 2015). The court also … Continue Reading

Recent HHS Settlement Highlights Risks of Electronically-Sharing Protected Health Information

By Elizabeth F. Hodge and Thomas A. Range on Posted in HIPAA, Privacy, and Data Security
On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital in Massachusetts, must pay $218,400 and adopt a “robust corrective … Continue Reading

IRS Says Hospitals Must List Physicians in Financial Assistance Policies

By Elizabeth F. Hodge and Jane K. McCahill on Posted in Affordable Care Act and Other Healthcare Reform Legislation, Hospitals & Health Systems, Tax Exempt
On June 26, 2015, the Internal Revenue Service (IRS) issued guidance to clarify how charitable hospitals may comply with regulations issued by the Department of Treasury under the Patient Protection and Affordable Care Act (ACA). The regulations implementing Section 501(r) of the Internal Revenue Code require hospitals to include a list of covered providers in … Continue Reading

HHS Settlement: Dumpster-Diving Leads to Settlement for Improper Disposal of Documents Containing Protected Health Information

By Elizabeth F. Hodge and Thomas A. Range on Posted in HIPAA, Privacy, and Data Security, Security
The U.S. Department of Health and Human Services Office for Civil Rights (HHS) recently announced that it has reached an agreement with a small pharmacy to resolve potential HIPAA violations. The settlement arose from the disposal of unsecured paper documents containing protected health information (PHI) of the Pharmacy’s customers. The more well-known data breaches usually … Continue Reading

Talk Amongst Yourselves: HIPAA Does Not Preempt Florida Med Mal Presuit Authorization Law

By Elizabeth F. Hodge and Thomas A. Range on Posted in Electronic Health Records & Medical Records, Physicians
A federal appellate court recently concluded that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not preempt a Florida law that requires aggrieved patients to authorize the release of their protected health information as a presuit condition to suing a medical provider for negligence. See Murphy v. Dulay (11th Cir. Oct. 10, … Continue Reading

Florida Information Protection Act of 2014 – Florida Means Business When It Comes to Protecting Customers’ Personal Information

By Robert E. Slavkin and Elizabeth F. Hodge on Posted in Electronic Health Records & Medical Records, Government Affairs, Licensure & Regulatory
On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that maintain data containing personal information of individuals to safeguard and provide notice of breaches of such information. As a result, Florida … Continue Reading
LexBlog