HHS Increases Civil Monetary Penalties for HIPAA Violations

Under federal government logic, when the cost of living goes up, the amounts of monetary penalties for violations of certain federal laws must go up too. So, in November of 2021, the Department of Health and Human Services announced that it was raising the civil monetary penalties for each of the four tiers of HIPAA violations. The new dollar values are discussed below. [...]

2021-12-02T16:37:39-05:00December 1st, 2021|

ePHI Security Emphasized in HHS Summer Newsletter

Although the HHS has long stressed the importance of ePHI security, with the influx of healthcare breaches, it is clear that many organizations have not heeded the warning. With an increase in breaches across all industries, cybersecurity has become the focus of many government agencies including the HHS. Earlier this month the HHS published its “Summer 2021 Cybersecurity Newsletter” further emphasizing the importance of information access [...]

2021-07-30T13:26:38-04:00July 30th, 2021|

Reading the 5th: What the Recent Fifth Circuit HIPAA Case Means to You

The Department of Health and Human Services’ (HHS) Office for Civil Rights enforces HIPAA compliance by imposing civil monetary penalties (CMPs) on HIPAA covered entities for violations of the HIPAA Privacy and Security Rules. Practices may appeal the monetary determination in civil court. Almost all appeals to date have been unsuccessful. Almost. On January 14, 2021, the United States Court of Appeals for the Fifth Circuit (“5th Circuit”) [...]

2021-02-03T16:09:41-05:00February 3rd, 2021|

September OCR Fines Reach $10.7 Million

The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]

2020-11-16T09:02:38-05:00October 1st, 2020|

$678 Million Healthcare Settlement Reached with Novartis

Novartis, a pharmaceutical company, agreed to a $678 million healthcare settlement with the Department of Justice (DOJ). Novartis was accused of violating the Anti-Kickback Statute (AKS) and False Claims Act (FCA) by having healthcare providers attend and speak at events to entice providers to prescribe Novartis to their patients. The details of the healthcare settlement are discussed below. What Did Novartis Do [...]

2021-01-14T13:23:47-05:00August 26th, 2020|

HHS Amends Substance Abuse Records Confidentiality Rules

Recently, the 42 CFR Part 2 regulations, which serve to protect substance abuse disorder patient records, were revised. Their revised regulation facilitates better coordination of care in response to the opioid epidemic, while maintaining confidentiality of substance abuse records. How Have the Substance Abuse Records Confidentiality Rules Changed? The new substance abuse records confidentiality rules do not alter the basic framework for confidentiality protection of substance use disorder (SUD) [...]

2020-11-16T09:02:50-05:00July 23rd, 2020|

The HHS To-Do List: HHS Privacy and Security Regulatory Priorities

The Health Insurance Portability and Accountability Act of 1996, or HIPAA, has not undergone significant regulatory change since 2013. Since then, HHS privacy and security initiatives have been proposed. These HHS privacy and security initiatives remain stalled, for the most part. HHS has announced that it intends to tackle some of these HHS privacy and security regulatory initiatives in 2020. Are you following HIPAA law?  Find out if your [...]

2020-11-16T09:02:51-05:00July 14th, 2020|

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for [...]

2020-12-18T14:58:04-05:00February 5th, 2020|

HIPAA Privacy Complaints Lead to More Informal Intervention Efforts

The numbers seem to paint an odd picture. In 2018, the federal Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) received 25,912 health information privacy complaints - HIPAA privacy complaints relating to the HIPAA Privacy Rule and the HIPAA Security Rule. The annual number of HIPAA privacy complaints has gone up each year since 2015.  The number of HIPAA privacy complaints - and required corrective [...]

2020-01-06T16:53:29-05:00January 6th, 2020|

Electronic Health Information Exchange and HIPAA

Under the HIPAA Privacy Rule, the use or disclosure of protected health information (PHI) is permitted for treatment purposes. Electronic health information exchange - a method of data transmission allowing healthcare professionals and patients to access and secure PHI electronically - facilitates quality treatment, without running afoul of the HIPAA Privacy Rule or the HIPAA Security Rule. What is Electronic Health Information Exchange? Electronic health information exchange (HIE) is [...]

2021-07-30T15:43:07-04:00January 3rd, 2020|