Government report says HIPAA enforcement not sufficient to protect electronic health information and recommends more audits. The result may be more “compliance reviews,” audits, for covered entities and business associates.
Continue Reading HHS’ Office of Inspector General Recommends More HIPAA Audits
Hospitals Fire 32 Employees for Medical Privacy Breach
By Jackson Lewis P.C. on
Posted in HIPAA
The Minneapolis Star Tribune has reported that two hospitals in Anoka County, Minnesota, terminated a combined total of 32 employees for unauthorized access of electronic medical records on May 6, 2011. The two hospitals, Unity Hospital in Fridley, Minnesota and Mercy Hospital in Coon Rapids, Minnesota, are both part of the Allina Health System. In April, the Minnesota Court…
Inter-agency Cooperation Nabs HIPAA Violator for HHS
By Joseph J. Lazzarotti on
Any illusion an organization may hold that it is operating “under the radar” of regulators should be shattered in the current compliance environment. Governmental agencies are increasingly able to efficiently coordinate with one another in matters of enforcement, and this post is a good example of that.
Continue Reading Inter-agency Cooperation Nabs HIPAA Violator for HHS
Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law
Posted in HIPAA
This recent Michigan case makes clear that when handling protected health information, HIPAA is not the only game in town. Health care providers also must consider state law protections which, as this and other courts have held, will trump HIPAA when the state laws are more protective.
Continue Reading Cautionary Tale for Health Care Providers Subject to HIPAA – Don’t Forget State Law
Unauthorized Access to Medical Records Under Company Policy and HIPAA Supports Denial of Unemployment Benefits
By Jackson Lewis P.C. on
Posted in HIPAA
A data entry specialist in Minnesota who was fired for accessing medical records on behalf of a colleague was denied unemployment benefits by the Minnesota Court of Appeals in a recent decision that highlights the importance of zero tolerance policies for employers. The unpublished decision, Bingham v. Allina Health System, No. A10-872 (Jan. 11, 2011), involved an…
Where the FMLA and HIPAA Meet
By Joseph J. Lazzarotti on
Posted in HIPAA, Workplace Privacy
In a case addressing the Family Medical Leave Act (FMLA) that directly implicates the privacy rules under the Health Insurance Portability and Accountability Act (HIPAA), Pacosa v. Kaiser Foundation Health Plan of the Northwest, the Portland Division of the United States District Court of Oregon awarded summary judgment against a physician assistant who claimed…
ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
By Joseph J. Lazzarotti on
Companies frequently receive requests for information about current and former employees. These requests often come in the form of an attorney’s demand letter or a subpoena and apply to the individual’s medical records. Failing to carefully think through whether and how to respond can be a costly trap for the unwary.
Continue Reading ADA Violated When Employer Responds to State Subpoena and Discloses Former Employee’s Medical Records
HHS to Help Train State Attorneys General to Enforce HIPAA
By Joseph J. Lazzarotti on
While years of lax enforcement may have lulled many HIPAA covered entities and business associates to not take HIPAA seriously, recent activities by HHS, including the recently announced nationwide enforcement training program for State Attorneys General should spur renewed efforts toward compliance.
Continue Reading HHS to Help Train State Attorneys General to Enforce HIPAA
HHS Settlement Follows Enforcement Fine
By Jason C. Gavejian on
Posted in HIPAA
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The…
HHS’ First Civil Penalty Under HIPAA is $4.3 Million
By Joseph J. Lazzarotti on
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has imposed its first civil monetary penalty since the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) became effective in April 2003. HHS issued a Notice of Final Determination finding that Cignet Health of Prince George’s County…