Header graphic for print
HIPAA, HITECH & HIT Legal Issues, Developments and Other Pertinent Information Relating To The Creation, Use and Exchange of Electronic Health Records

Tag Archives: HIPAA

Doctor is Arrested for Allegedly Stealing Thousands of Patient Records

Posted in Privacy & Security

Our partner Elizabeth Litten and I were quoted by our good friend Marla Durben Hirsch in her recent article in Medical Practice Compliance Alert entitled “Doctor is Arrested for Stealing Thousands of Patient Records.”  While the full text can be found in the February 16, 2015 issue of Medical Practice Compliance Alert, the following considerations… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When it Doesn’t), Part 2

Posted in Privacy & Security

I posed a question in Part 1 of this post which I will summarize here:  is personal health information provided to a Patient Assistance Program (PAP) in order to help with covering the cost of prescription drugs protected as “protected health information” (PHI) under HIPAA? Let’s use two examples.  Say Patient A, who knows he… Continue Reading

MINNESOTA BLUES GET HEALTH RECORDS SNOOPING BLUES

Posted in Articles, HIPAA Enforcement, Security Breach Notification

A registered nurse employed by Minnesota Blue Cross Blue Shield (BC/BS) with a history of drug offenses allegedly accessed a prescription drug database 249 times without a legitimate purpose, according to a report by Minneapolis CBS affiliate WCCO posted by reporter Esme Murphy. The nurse, Jim Johnson, reportedly had been previously assigned by BC/BS under… Continue Reading

When HIPAA Applies to Patient Assistance Programs (and When It Doesn’t)

Posted in Privacy & Security

Patient Assistance Programs (PAPs) have proliferated in recent years, despite the fact that many commonly-prescribed medications have lost patent protection and the Affordable Care Act (ACA) has attempted to eliminate pre-existing condition discrimination by insurance companies.  Still, drug costs remain unaffordable to many patients, particularly those with high-cost, chronic conditions, even when patients have insurance… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part III

Posted in Privacy & Security, Sensitive Health Information

(Part III continues Part I and Part II of this series on privacy of health information in the domestic relations context, which may be found here and here. Capitalized words not defined in this Part III shall have the meanings assigned in Part I or Part II.) 6. The situation can be further complicated by… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part II

Posted in Privacy & Security, Sensitive Health Information

(Part I of this series on privacy of health information in the domestic relations context may be found here. Capitalized words not defined in this Part II shall have the meanings assigned in Part I.) Tips on dealing with IHI Issues in the Domestic Relations Context 1. Whether an individual is in a stable domestic relations… Continue Reading

Protecting Health Information in the Context of Divorce Proceedings and Domestic Relations – Part I

Posted in Privacy & Security, Sensitive Health Information

The November 2014 ruling in the Connecticut Supreme Court in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014, WL 5507439 (2014) (the “Byrne case”) has been discussed in a number of posts on this blog, including those here and here. The main focus of such posts has… Continue Reading

“Digital Quarantine” or Vaccination? What Cybersecurity Experts Can Learn from Health Care

Posted in Health IT, Privacy & Security

Perhaps the health care industry has a cybersecurity solution staring us in the face:  vaccines.  Perhaps we should be trying to vaccinate our data storage systems rather than relying on firewalls to quarantine them.  In an article posted on www.philly.com, Associated Press author Youkyung Lee says cybersecurity defense has traditionally been based “on the idea… Continue Reading

Basic HIPAA Question for Mobile Health Application Developers: What Are You?

Posted in Health IT, Privacy & Security

Health-related technology has developed light-years faster than health information privacy and security protection laws and policies, and consumers can find new mobile health applications for a wide range of purposes ranging from diabetes management to mole or rash evaluation to fitness tracking.  Smart mobile app developers wondering when and how HIPAA privacy and security requirements… Continue Reading

Not All Sensitive Health Information is Protected Health Information Under HIPAA

Posted in Sensitive Health Information

Recently our partner Keith R. McMurdy posted an entry on the Fox Rothschild Employee Benefits Legal Blog entitled “HIPAA Medical Privacy Matters: Court Permits ADA Claim to Proceed.”  While the full text of the excellent blog posting can be found here, I thought that a specific HIPAA point in Keith’s posting was well worth emphasizing: … Continue Reading

Medicare ACO Claims Data Sharing and Opt-Out, Take 2

Posted in Privacy & Security

I had an interesting conversation with Mike Barrett, Chairman of the National Association of ACOs, as a result of my January 7th post on the Medicare beneficiary opt-out process described in Medicare Shared Savings Program (“MSSP”) regulations proposed by the Centers for Medicare & Medicaid Services (“CMS”).  My blog post meant to highlight a proposed… Continue Reading

New NJ Standard More Stringent than HIPAA

Posted in New Jersey

New Jersey Governor Chris Christie signed a bill (S.562) into law on January 9, 2015 that will impose a standard more stringent than HIPAA on health insurance carriers authorized (i.e., licensed) to issue health benefits plans in New Jersey.  Effective August 1, 2015, such carriers will be required to secure computerized records that include certain personal… Continue Reading

“No” to ACO Data Sharing? Proposed Rules Tweak Medicare Beneficiary Opt-Out Notice Procedure

Posted in HIPAA Enforcement, Privacy & Security

Medicare beneficiaries whose healthcare providers participate in an Accountable Care Organization (ACO) under the Medicare Shared Savings Program (MSSP) may want to add the Centers for Medicare & Medicaid Services (CMS) website, “Medicare & You”, to their lists of favorite internet links if they don’t want their Medicare claims data shared.  Proposed rules published by… Continue Reading

HIPAA Holiday Cheer (Lament?)

Posted in HIPAA Enforcement

On the twelfth day of breaches my hacker sent to me: Twelve Data Downloads Eleven Plundered Patches Ten Missed BA Contracts Nine Malware Installs Eight Mis-sent Faxes Seven Stolen Laptops Six Snooping Staffers Five Old NPPs Four Lost Thumbdrives Three Re-sent Texts Two Pop-up Links … And a Bill for Compliance Auditing. For a glimpse… Continue Reading

Connecticut “Opens Floodgates” for HIPAA Litigation

Posted in Lawsuits, Privacy & Security

My partner Elizabeth Litten and I were recently interviewed for an article entitled “Connecticut ‘opens floodgates’ for HIPAA litigation” published in “Privacy this Week” by DataGuidance. The full text of the article can be found in the November 13, 2014 issue of “Privacy this Week,” but a discussion of the article is set forth below.… Continue Reading

Celebrities’ Health Information Compromised by Sony Hacking

Posted in Privacy & Security, Sensitive Health Information

Fox Rothschild partner Scott Vernick recently appeared as a guest on the Willis Report to discuss the fallout of the hacking of Sony Pictures Entertainment.  Click here to view the segment.  Celebrities’ individually identifiable health information, some of which appears to be protected health information (“PHI”) under HIPAA, was among the sensitive personal data hacked… Continue Reading

Michael Kline’s “List of Considerations” for Indemnification Provisions in Business Associate Agreements

Posted in Privacy & Security

I strongly urge every covered entity and business associate faced with a Business Associate Agreement that includes indemnification provisions to read Michael Kline’s “List of Considerations” before signing.  Michael’s list, included in an article he wrote that was recently published in the American Health Lawyers Association’s “AHLA Weekly” and available here, highlights practical and yet not obvious considerations.  For example,… Continue Reading

Connecticut Supreme Court Decision Depicts Rubik’s Cube of Federal and State Privacy and Security Compliance

Posted in Privacy & Security

As if compliance with the various federal privacy and data security standards weren’t complicated enough, we may see state courts begin to import these standards into determinations of privacy actions brought under state laws. Figuring out which federal privacy and data security standards apply, particularly if the standards conflict or obliquely overlap, becomes a veritable… Continue Reading

Connecticut Supreme Court Recognizes Individual’s Right for State Tort Action Using HIPAA as Standard of Care

Posted in HIPAA Business Associates

The Connecticut Supreme Court handed down a decision in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014 WL 5507439 (2014) that [a]ssuming, without deciding, that Connecticut’s common law recognizes a negligence cause of action arising from health care providers’ breaches of patient privacy in the context of… Continue Reading

Patient Support Groups, Email and the Duty to Warn

Posted in Privacy & Security

I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA.  Faithful blog readers can guess my first question:  “Was the sender a covered entity, business associate, or subcontractor?”  Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition… Continue Reading

Medical Device, “Heal Thyself” from Data Hacking

Posted in Privacy & Security

Innovative health care-related technology and developing telemedicine products have the potential for dramatically changing the way in which health care is accessed.  The Federation of State Medical Boards (FSMB) grappled with some of the complexities that arise as information is communicated electronically in connection with the provision of medical care and issued a Model Policy… Continue Reading