Any illusion an organization may hold that it is operating “under the radar” of regulators should be shattered in the current compliance environment. Governmental agencies are increasingly able to efficiently coordinate with one another in matters of enforcement, and this post is a good example of that.
Continue Reading Inter-agency Cooperation Nabs HIPAA Violator for HHS
Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law
Posted in HIPAA
This recent Michigan case makes clear that when handling protected health information, HIPAA is not the only game in town. Health care providers also must consider state law protections which, as this and other courts have held, will trump HIPAA when the state laws are more protective.
Continue Reading Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law
Unauthorized Access to Medical Records Under Company Policy and HIPAA Supports Denial of Unemployment Benefits
By Jackson Lewis P.C. on
Posted in HIPAA
A data entry specialist in Minnesota who was fired for accessing medical records on behalf of a colleague was denied unemployment benefits by the Minnesota Court of Appeals in a recent decision that highlights the importance of zero tolerance policies for employers. The unpublished decision, Bingham v. Allina Health System, No. A10-872 (Jan. 11, 2011), involved an…
Where the FMLA and HIPAA Meet
By Joseph J. Lazzarotti on
Posted in HIPAA, Workplace Privacy
In a case addressing the Family Medical Leave Act (FMLA) that directly implicates the privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), Pacosa v. Kaiser Foundation Health Plan of the Northwest, the Portland Division of the United States District Court of Oregon awarded summary judgment against a physician assistant who claimed…
ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
By Joseph J. Lazzarotti on
Companies frequently receive requests for information about current and former employees. These requests often come in the form of an attorney’s demand letter or a subpoena and apply to the individual’s medical records. Failing to carefully think through whether and how to respond can be a costly trap for the unwary.
Continue Reading ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
HHS to Help Train State Attorneys General to Enforce HIPAA
By Joseph J. Lazzarotti on
While years of lax enforcement may have lulled many HIPAA covered entities and business associates to not take HIPAA seriously, recent activities by HHS, including the recently announced nationwide enforcement training program for State Attorneys General should spur renewed efforts toward compliance.
Continue Reading HHS to Help Train State Attorneys General to Enforce HIPAA
HHS Settlement Follows Enforcement Fine
By Jason C. Gavejian on
Posted in HIPAA
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The…
HHS’ First Civil Penalty Under HIPAA is $4.3 Million
By Joseph J. Lazzarotti on
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed its first civil monetary penalty since the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective in April 2003. HHS issued a Notice of Final Determination finding that Cignet Health of Prince George’s County…
FTC Issues Guidance Addressing Medical Identity Theft
By Joseph J. Lazzarotti on
Last month, the Federal Trade Commission’s Bureau of Consumer Protection posted FAQs on its website to guide health care providers and health plans when their patients and subscribers are affected by medical identity theft.
When most people hear about an identity theft or a data breach, they typically think about credit card data or Social Security…
Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals
As employees become more savvy with electronic communications and employers face increasing challenges with controlling vast amounts of data, the circumstances in this recent San Francisco Examiner story are likely being repeated all over the country – employee takes company information to support her wrongful termination case.
Continue Reading Employers Beware: Aggrieved Employee Commits Data Breach Affecting 2400 Individuals