Flo Health, Inc., which marketed an app used by more than 100 million women interested in tracking their personal menstruation and fertility information, seems to be getting off easily as
Continue Reading Flo Health App Fallout: HIPAA-like Breach Notification Rule Not Enforced by FTC
HITECH
Health Information Technology in NJ – Where Are We Now?
Part 2
Money talks.
In other words, offering financial incentives is one way to effect behavior change. It seems to have worked in getting providers to adopt and use health…
Continue Reading Health Information Technology in NJ – Where Are We Now?
Health Information Technology in NJ – Where Are We Now?
When I need to travel from the southern part of NJ to northern NJ, I often rely on my car or phone GPS and the relative ease and simplicity of…
Continue Reading Health Information Technology in NJ – Where Are We Now?
HIPAA Compliance Trends for 2014
My partner Elizabeth Litten and I were interviewed by Marla Durben Hirsch for her Medical Practice Compliance Alert article “HIPAA, ICD-10 Among 6 Compliance Trends That Will Affect You in …
Continue Reading HIPAA Compliance Trends for 2014
The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
On February 7, 2013, our partner Keith McMurdy, Esq., posted an excellent entry on the Employee Benefits Blog of Fox Rothschild LLP that merits republishing for our readers as well. The post outlined some direct effects of the new HIPAA Omnibus Rule on employers and their health plans.
Continue Reading The New and Improved HIPAA/HITECH Rules: What Employers Need to Know
HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement
While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes.
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement
OIG Reports Shortcomings In EHR Incentive Oversight
CMS should improve its oversight of its electronic health record incentive program, according to a report by the Office of Inspector General released this month. The government watchdog agency faults…
Continue Reading OIG Reports Shortcomings In EHR Incentive Oversight
PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
The principle that individuals whose protected health information is stolen, lost, or otherwise inappropriately used, accessed, or left unsecured have no private right of action against the person or entity responsible for the breach under the HIPAA/HITECH laws may change for victims of identity theft who can show the theft was caused by a HIPAA breach, at least if the action is brought in the 11th Circuit.
Continue Reading PHI Breach Involving Health Plan Leads to Lawsuit by Identity Theft Victims Who Were Plan Members
Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Employers should limit PHI that they provide with respect to medical examinations of employees and job applicants and in other contexts to the least amount of medical information necessary for evaluation in order to avoid potential violations of the Americans with Disabilities Act, the Genetic Information Nondisclosure Act, State workers’ compensation laws and other statutes.
Continue Reading Employers: Beware of PHI “Minimum Necessary” Standards Lurking Under Statutes Other Than HIPAA and State PHI Statutes
Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?
The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?