Category Archives: Electronic Health Records & Medical Records

Subscribe to Electronic Health Records & Medical Records RSS Feed

OIG Issues Information Blocking Penalties Final Rule: Health IT Developers and Health Information Exchanges/Networks Have a Million Reasons to Care

On June 27, 2023, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated final rule amending the OIG’s civil monetary penalty (CMP) regulations as they relate to information blocking (CMP Final Rule or Rule). The CMP Final Rule was published in the Federal Register on July 3, 2023. … Continue Reading

FTC’s Enforcement Action Against GoodRx Breathes New Life into Decade Old Regulation

The Federal Trade Commission (FTC) didn’t mince words. On September 2021, it called out the health app industry for failing to understand the agency’s Health Breach Notification Rule (HBNR) and for not disclosing its breaches. Apparently dissatisfied with the industry’s response, the agency enforced the HBNR against GoodRx for the first time since the rule … Continue Reading

Healthcare Providers: Add OCR’s Latest Right of Access Settlements to Your Summer Reading List

The Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced on July 15, 2022, that it has resolved 11 investigations conducted under the Health Insurance Portability and Accountability Act (“HIPAA”) Right of Access Initiative. These settlements remind providers that, as OCR Director Lisa J. Pino stated, “OCR is … Continue Reading

New FBI Alert to Healthcare Providers – Beware of COVID-19 Phishing Campaigns

Healthcare providers are under siege, not only from the COVID-19 pandemic, but also from cyber criminals.  Following reports of targeted email phishing attempts, the FBI issued a FLASH alert warning healthcare providers on April 21, 2020, that they are at heightened risk for cyber attacks that use COVID-19 as bait.  The FBI’s FLASH alert follows … Continue Reading

COVID-19 Isn’t the Only Virus to Fear: Cybersecurity Attackers Target Hospitals Amidst COVID-19

Among the many obstacles facing businesses as a result of the COVID-19 pandemic are new cyberattacks targeting key infrastructure and industry in the United States. With all the compounding factors making this threat even more dangerous, the spike in cyberattacks was so significant that the International Criminal Police Organization (INTERPOL) has become involved and issued … Continue Reading

OCR Fee Limits for Third Party Directive Record Requests Struck Down

On January 28, 2020, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) issued a notice (the OCR Notice) regarding individuals’ right of access to health records in response to a January 23, 2020 court ruling in the Ciox Health, LLC v. Azar, et al., No. 18-cv-0040 (D.D.C. Jan. 23, 2020) … Continue Reading

Is A Federal Privacy Law In The Cards for 2020?

In May of 2018, the European Union enacted the General Data Protection Rules, or GDPR, a legal framework that outlines not only how companies may collect and process personal information of EU residents, but how that data is stored and used. Since its enactment, GDPR has triggered a global push towards compliance with those standards. … Continue Reading

Paper Prescription Pads to go the Way of the Horse and Buggy as Prescribers Will Soon Be Required to Electronically Transmit Prescriptions – Sometimes

Governor Desantis recently signed House Bill 831, which will require certain healthcare practitioners to “electronically transmit prescriptions”. Unfortunately, the legislature left this term undefined, creating some ambiguity as to what the law requires. While the legislature likely intended this law to require “electronic prescribing,” the statute does not say that, and therefore the term “electronically … Continue Reading

Privacy Policy: The Midterm Effect

Congress has long attempted to grapple with issues of cyber-security, both within the healthcare field, and generally in the United States.  The Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health Act (HITECH) have provided significant compliance requirements for healthcare entities in the area of … Continue Reading

Global Ransomware Attack Makes Healthcare Organizations Wanna Cry

As has been widely reported, on May 12, 2017, organizations around the world, including Britain’s National Health Service, found their data held hostage by actors using a new variant of ransomware called WannaCry. According to news reports, 200,000 computers in more than 150 countries have been hit by the cyberattack which appears to be spread … Continue Reading

April Showers Bring More HIPAA Settlements

April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA violations totaling nearly $3,000,000.00 in fines. The settling parties include a wireless health services provider, a federally-qualified health center (FQHC), and … Continue Reading

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect patient medical information. The civil penalty is the result of two data breaches caused by a lack of encryption … Continue Reading

New Tools Help Providers Become Smarter Users of Electronic Health Records Systems

Healthcare providers excel at providing care to their patients, not designing IT strategies. Even so, with the trend toward value-based payments increasing, more healthcare providers have turned to electronic health records (EHR) systems to help them fine-tune practice efficiency and improve patient outcomes. The EHR management systems options from which to choose can be dizzying, … Continue Reading

Not a Check-the-Box Exercise: Failure to Have Signed BAA Results in Substantial Fine

A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of its patients to a third party vendor without first obtaining a written business associate agreement. Raleigh Orthopaedic Clinic, P.A. … Continue Reading

Prepare for the Unexpected with Data Storage and Retrieval

Last week, a federal court in Illinois encountered another example of unexpected events causing problematic privacy and data storage implications for a healthcare company. The non-profit organization responsible for maintaining the MetroChicago Health Information Exchange (the HIE) filed suit against its information technology support contractor and the contractor’s owner to prevent the contractor’s plan to … Continue Reading

Shhh….OCR Releases New HIPAA Audit Protocol

Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include business associates who became subject to HIPAA following the 2013 HIPAA Omnibus Final Rule. The protocol … Continue Reading

The Silent Threats of Breaches to Medical Devices are Starting to Make Noise

The U.S. Food and Drug Administration (FDA), which is responsible for guidance on medical devices, has acknowledged that certain devices are susceptible to breaches. The FDA has identified cybersecurity vulnerabilities in medical devices that could allow unauthorized users to not only access patient information, but also to control the device. The FDA’s oversight comes at … Continue Reading

Evolving Litigation of Data Breach Claims

An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice leaves only a negligence claim, based on a duty to reasonably safeguard information, pending against Advocate.… Continue Reading

Can We Talk? Florida Court Rejects Latest Challenge to Med Mal Presuit Authorization Law

In the latest challenge to a Florida law designed to promote early settlement of meritorious medical malpractice claims, the Florida First District Court of Appeal recently rejected a plaintiff’s arguments that 2013 amendments to the law violated the Florida Constitution. See Weaver v. Myers, Case No. 1D14-3178 (Fla. 1st DCA July 21, 2015). The court also … Continue Reading

Illinois Appellate Court Holds No Standing to Sue for Medical Information Data Breach Where Injury is Speculative

On June 2, 2015, the Second District Illinois Appellate Court affirmed the decisions of two lower courts, which had dismissed breach of privacy cases for lack of standing. The cases were consolidated for the purposes of the appeal. Both cases were brought against Advocate Health and Hospitals Corporation d/b/a Advocate Medical Group (Advocate), an Illinois … Continue Reading

The Top 10 Patient Safety Concerns for Healthcare Organizations in 2015

The Emergency Care Research Institute, (ECRI) Patient Safety Organization (PSO) has issued its 2015 “top 10 list” of safety concerns for multiple healthcare settings, such as hospitals, ambulatory care centers, doctor’s offices and nursing homes.[i] This year’s list is as follows:… Continue Reading

CMS Announces Enforcement of EHR Payment Adjustments in 2015

On December 17, 2014, the Centers for Medicare and Medicaid Services (“CMS”) announced that there would be reductions in Medicare reimbursement for health care providers who do not meet the CMS electronic health record (“EHR”) incentive program’s meaningful use requirements. This announcement comes in the wake of CMS’ decision in October to extend the hardship … Continue Reading

Justice Department Continues to Target Health Care Providers with “Barrier-Free” Initiative

The Department of Justice’s recent settlement with a Chicago-based hospital system is the latest reflecting the agency’s continuing pursuit of claims against health care providers – small and large — who fail to provide adequate service to persons who are deaf or hearing-impaired. Under the settlement, Franciscan St. James Health is required to conduct disability assessments … Continue Reading

Talk Amongst Yourselves: HIPAA Does Not Preempt Florida Med Mal Presuit Authorization Law

A federal appellate court recently concluded that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) does not preempt a Florida law that requires aggrieved patients to authorize the release of their protected health information as a presuit condition to suing a medical provider for negligence. See Murphy v. Dulay (11th Cir. Oct. 10, … Continue Reading
LexBlog