Elizabeth F. Hodge

Photo of Elizabeth F. Hodge

A former president of the Florida Academy of Healthcare Attorneys, Betsy Hodge concentrates her practice on compliance and regulatory issues affecting health care providers and payers and employer-sponsored health plans. Betsy has significant experience with HIPAA and the HITECH Act and assists covered entities and business associates in complying with these laws through the development of policies and procedures, workforce training, analysis and notification of breaches, and assisting with government audits and investigations.  In addition, she counsels her clients on regulatory issues, including state and federal fraud and abuse laws.

 

Subscribe to all posts by Elizabeth F. Hodge

Shhh….OCR Releases New HIPAA Audit Protocol

Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading

Phase 2 of HIPAA Audits Is Underway – Covered Entities and Business Associates Beware

The U.S. Department of Health and Human Services Office of Civil Rights (OCR) recently announced that it has started obtaining and verifying entity contact information to identify covered entities and business associates for potential audit subject pools for the 2016 Phase 2 HIPAA Audit Program. In Phase 2, OCR will review the policies and procedures … Continue Reading

OCR Issues New Guidance on “Reasonable and Cost-Based” Fees Associated with Medical Record Copying and Access

On February 25, 2016, the Office of Civil Rights (OCR) released a set of FAQs directed at healthcare providers and plans that are required to comply with the HIPAA Privacy Rule (the Privacy Rule). The guidance emphasizes that any fees charged for access to or copies of patient information must be “reasonable and cost-based” and … Continue Reading

New CMS rule clarifies when 60-day overpayment clock starts ticking

Four years after publication of its proposed rule related to reporting and returning overpayments within 60 days, CMS has issued a final rule that responds to comments and provides greater clarity. The published rule is under the Affordable Care Act requirement that providers report Medicare and Medicaid overpayments and return the overpayment within 60 days … Continue Reading

HIPAA Privacy Rule Now Permits Reporting for Firearms Background Checks

On January 4, 2016, the U.S. Department of Health and Human Services (HHS) issued a final rule that modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. This modification expressly allows certain covered entities to disclose to the National Instant Criminal Background Check System (NICS), without consent, the identities of individuals … Continue Reading

Medical Devices And Risks Of Unauthorized Disclosure Of Protected Health Information

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) kicked off the holiday season by publishing a settlement agreement under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) relating to the theft of an unencrypted laptop from a hospital. Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital … Continue Reading

Can We Talk? Florida Court Rejects Latest Challenge to Med Mal Presuit Authorization Law

In the latest challenge to a Florida law designed to promote early settlement of meritorious medical malpractice claims, the Florida First District Court of Appeal recently rejected a plaintiff’s arguments that 2013 amendments to the law violated the Florida Constitution. See Weaver v. Myers, Case No. 1D14-3178 (Fla. 1st DCA July 21, 2015). The court also … Continue Reading

Recent HHS Settlement Highlights Risks of Electronically-Sharing Protected Health Information

On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital in Massachusetts, must pay $218,400 and adopt a “robust corrective … Continue Reading

IRS Says Hospitals Must List Physicians in Financial Assistance Policies

On June 26, 2015, the Internal Revenue Service (IRS) issued guidance to clarify how charitable hospitals may comply with regulations issued by the Department of Treasury under the Patient Protection and Affordable Care Act (ACA). The regulations implementing Section 501(r) of the Internal Revenue Code require hospitals to include a list of covered providers in … Continue Reading

HHS Settlement: Dumpster-Diving Leads to Settlement for Improper Disposal of Documents Containing Protected Health Information

The U.S. Department of Health and Human Services Office for Civil Rights (HHS) recently announced that it has reached an agreement with a small pharmacy to resolve potential HIPAA violations. The settlement arose from the disposal of unsecured paper documents containing protected health information (PHI) of the Pharmacy’s customers. The more well-known data breaches usually … Continue Reading

Talk Amongst Yourselves: HIPAA Does Not Preempt Florida Med Mal Presuit Authorization Law

A federal appellate court recently concluded that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not preempt a Florida law that requires aggrieved patients to authorize the release of their protected health information as a presuit condition to suing a medical provider for negligence. See Murphy v. Dulay (11th Cir. Oct. 10, … Continue Reading

Florida Information Protection Act of 2014 – Florida Means Business When It Comes to Protecting Customers’ Personal Information

On June 20, 2014, Governor Rick Scott signed into law the Florida Information Protection Act of 2014 (“FIPA”), which became effective July 1, 2014. FIPA expands the obligations of businesses and government entities that maintain data containing personal information of individuals to safeguard and provide notice of breaches of such information. As a result, Florida … Continue Reading

New OIG Special Fraud Alert Aimed at Laboratory Payments to Referring Physicians

On June 25, 2014, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a Special Fraud Alert entitled “Laboratory Payments to Referring Physicians.” While the Alert breaks no new ground (see, e.g., its 1994 Special Fraud Alert), it demonstrates the OIG’s continuing concerns about clinical laboratories’ offering inducements to referring … Continue Reading

Patient Records: Increasing Exposure for Privacy Breaches

Healthcare providers and businesses that store or process protected health information (“PHI”) face increased scrutiny and significant fines for data privacy breaches and security lapses in the coming months. In the past 12 months, the U.S. Department for Health and Human Services Office for Civil Rights (“OCR”) has recovered more than $10 million in fines … Continue Reading

The Downside to Sharing – Two Hospitals to Pay Largest HIPAA Fine Yet

On May 7, 2014, the U.S. Department of Health and Human Services Office for Civil Rights  (“OCR”) announced the largest settlement to date under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  New York and Presbyterian Hospital (“NYP”) and Columbia University (“Columbia”) agreed to pay $4.8 million and enter into resolution agreements as … Continue Reading

The Government is Here to Help: HHS Releases HIPAA Security Risk Assessment Tool for Small Providers

The U.S. Department of Health and Human Services (“HHS”) has just released a new security risk assessment (“SRA”) tool to assist small and medium sized health care practices (one to ten providers) conduct a HIPAA risk assessment of their organization. The HIPAA Security Rule requires that all health care organizations that are HIPAA covered entities … Continue Reading

CMS Now Requiring Qualified Health Plans to Accept Premium Payments from Certain Third Parties

As previously reported on November 13, 2013 and February 20, 2014, the Centers for Medicare and Medicaid Services (“CMS”) has attempted to provide guidance as to when it is appropriate for issuers of “qualified health plans” (“QHPs”) to accept third parties premium payments on behalf of individuals. On March 19, 2014, CMS reinforced its February … Continue Reading

Unique Data Breach Settlement – A Sign of Things to Come?

A judge in the United States District Court for the Southern District of Florida has approved a $3 million data breach class action settlement agreement between AvMed, Inc. and plaintiffs. The settlement arises out of a December 2009 theft of unencrypted laptops containing the personal information of individuals who received  healthcare coverage through AvMed and … Continue Reading

35 Days and Counting – R.I.P. Windows XP

Effective April 9, 2014, Microsoft will no longer provide technical support or security updates for the Windows XP operating system. According to Microsoft, personal computers running Windows XP after April 8, 2014 should not be considered to be protected. This announcement means that covered entities and business associates under the Health Insurance Portability and Accountability … Continue Reading

HHS Allows Third-Party Premium Payments by Tribes and Non-Profits

We previously reported that the U.S. Department of Health and Human Services (“HHS”) has discouraged hospitals and other third parties from paying patients’ premiums or cost-sharing. HHS stated in its November 4, 2013 FAQ that it “has significant concerns with this practice because it could skew the insurance risk pool and create an unlevel field … Continue Reading

New Privacy Rule Gives Patients Right to Access Lab Test Reports

On February 6, 2014, the Centers for Medicare and Medicaid Services (CMS) and the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) issued a final rule amending the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to provide … Continue Reading

Accretive Health Data Breach Leads to Twenty-Year Settlement with the FTC

On December 31, 2013, the Federal Trade Commission (“FTC”) announced that Accretive Health, Inc., (“Accretive”) agreed to settle charges that the company’s inadequate data security measures exposed sensitive consumer information to the risk of theft or misuse. Accretive provides medical billing and revenue management services to hospitals around the country. Accretive experienced a data breach … Continue Reading

“Meaningful” Errors Require Hospital System to Refund $31M

In what is reported to be the largest repayment to date involving “meaningful use” incentive payments, Naples, Florida-based Health Management Associates, Inc. (“HMA”), with 71 inpatient facilities in 15 states, including Florida, recently voluntarily notified the Centers for Medicare and Medicaid Services (“CMS”) that it erroneously certified its electronic health record (“EHR”) technology in the … Continue Reading

It’s Never too Late to Give Guidance: OCR Starts Releasing HIPAA Omnibus Rule Guidance in Anticipation of September 23 Compliance Deadline

This has been a busy week for the Department of Health and Human Services / Office for Civil Rights (HHS/OCR).  It has started releasing guidance on various provisions of the Omnibus HIPAA final rule (the “Final Rule”) in advance of the September 23, 2013 compliance date.  The guidance includes: 1. Model Notices of Privacy Practices A … Continue Reading
LexBlog