By Philip L. Gordon At approximately one-half the length of War and Peace, the recently published Omnibus Final Rule, (pdf) which modifies the HIPAA Privacy, Security and Enforcement Rules and implements the HIPAA Breach Notification Rule, can overwhelm in-house employment, benefits, and privacy counsel as well as human resources and benefits professionals trying to discern the… Continue Reading
Category Archives: Medical Privacy and HIPAA
Subscribe to Medical Privacy and HIPAA RSS FeedEEOC Files Suit Against Hospital for Reviewing Applicant’s Hospital Records
By Gregory Brown Blurring the line between employer and provider may be risky business for healthcare institutions. A regional healthcare system’s policy of accessing patient records of job applicants recently landed the system in hot water with the Equal Employment Opportunity Commission (EEOC). On September 26, 2012, the EEOC filed a complaint against Aurora Health… Continue Reading
Recently Enacted New Jersey Law Shines Spotlight on Critical Social Media Issue for Healthcare Employers
By Philip Gordon and Inna Shelley When the photographs and videos flooding social media include images of patients or the victims of an accident or crime, it gives human resources professionals, compliance officers and in-house employment counsel at healthcare facilities heartburn and forces them to spring into action. In the past several years, dozens of… Continue Reading
Potential HIPAA Violation Leads to $750,000 Settlement
By John Doran The Attorney General for the Commonwealth of Massachusetts reached an agreement with South Shore Hospital over claims the hospital failed to protect confidential health information for hundreds of thousands of consumers. The Attorney General filed the lawsuit under both state information security laws and the federal Health Insurance Portability and Accountability Act… Continue Reading
$1.5M HIPAA Settlement Sends Message to Employers
Yesterday’s $1.5M “Resolution Agreement” between Blue Cross Blue Shield of Tennessee and the U.S. Department of Health and Human Services, the agency responsible for enforcing HIPAA, is the fourth major settlement announced by HHS in the past 15 months and the third to exceed seven figures. This settlement has several important messages for employers. To learn… Continue Reading
HHS HIPAA Penalties Send Employers and Providers a Message
Two days after announcing its first-ever HIPAA penalty, a whopping $4.3 million imposed against Cignet Health of Prince George’s County, Maryland, HHS announced that a large Massachusetts hospital had agreed to pay $1 million to avoid a penalty proceeding. Although the hospital did not admit liability and did not pay a penalty, the settlement demonstrates… Continue Reading
Hospital’s Post-Offer Medical Questions May Violate ADA, Title VII, and Employee Privacy Rights
By David Goldstein According to a Michigan federal district court decision, Garlitz v. Alpena Regional Medical Center, a hospital may be liable for violations of the Americans with Disabilities Act (ADA), Title VII, and violation of privacy rights for withdrawing an employment offer to a medical technologist after she refused to answer a post-offer, preemployment… Continue Reading
HIPAA Privacy and Security Audits Begin in November 2011
The HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, requires the United States Department of Health and Human Services (“HHS”) to perform periodic audits of covered entities and business associates to ensure compliance with the privacy and security rules under the Health Insurance Portability and Accountability Act of 1996… Continue Reading
HHS’ One-Two HIPAA Penalty Punch Sends a Message to Employers and Providers
Two days after announcing its first-ever HIPAA penalty, a whopping $4.3 millionimposed against Cignet Health of Prince George’s County, Maryland, HHS announced that a large Massachusetts hospital had agreed to pay $1 million to avoid a penalty proceeding. Although the hospital did not admit liability and did not pay a penalty, the settlement demonstrates how… Continue Reading
Agency’s Withdrawal of HIPAA Security Breach Notification Regulations Creates Uncertainty for Employers and Health Care Providers
In a two-paragraph press release recently posted on its website, the U.S. Department of Health and Human Services (HHS) announced the withdrawal of its interim final regulations addressing security breach notification for breaches that involve protected health information (PHI) subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The interim final regulations… Continue Reading
Enhanced HIPAA Penalties Raise Stakes for Employers and Health Care Providers Responding to a Security Breach
While HIPAA’s recently enhanced penalty provisions and newly enacted security breach notification requirements have each received a significant amount of attention, the connection between them and its significant implications for employers and health care providers subject to HIPAA have not. Most significantly, because of the enhanced penalties, it is critical that covered entities conduct a… Continue Reading
Jail Time for Physician’s HIPAA Violation Highlights Need to Redouble Compliance Efforts
A visiting cardiothoracic surgeon from China, working as a researcher at UCLA School of Medicine, became the first person sentenced to prison for unauthorized access to medical records in violation of HIPAA. The few criminal convictions for HIPAA violations to date have involved monetary gain, such as a hospice worker’s use of patient records to… Continue Reading