OCR Phishing Scam: Reminder to Use Caution

On November 28, 2016, the Office for Civil Rights for the Department of Health and Human Services issued an alert notifying providers of a “phishing” email.  According to the alert, the email is being circulated on fake HHS Departmental letterhead under the signature of Jocelyn Samuels, the OCR Director.  Recipients are prompted to click on a link regarding the HIPAA Audit program, however the link takes individuals to a non-governmental website which markets a private firm’s cybersecurity services.  The OCR… Read More >

Are Your Business Associate Agreements Up to Date? Recent Settlement Highlights Importance

Care New England Health System (CNE) recently paid $400,000 to settle allegations of HIPAA violations on behalf of covered entities for which CNE had performed administrative and technical services subject to a business associate agreement. CNE and the covered entities’ failure to update their business associate agreement to conform to the changes required by the HIPAA Omnibus Final Rule was one of the allegations giving rise to the settlement following the loss of unencrypted backup tapes containing protected health information. All covered… Read More >

Michigan Selected as a Market for CMS Primary Care Payment Initiative

The Centers for Medicare & Medicaid Services (CMS) recently announced the 10 states chosen for its Comprehensive Primary Care Plus (CPC+) initiative.  Michigan has been chosen for statewide participation.  In addition to Michigan, the following states were selected on either a state-wide or regional basis:  Arkansas, Colorado, Hawaii, Montana, New Jersey, Oklahoma, Oregon, Rhode Island and Tennessee. CMS will enter into a Memorandum of Understanding with selected third party payors in these states. Payment for services to primary care doctors… Read More >

OCR Announces $650,000 HIPAA Settlement Related to Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI

On June 30, 2016, Department of Health and Human Services’ Office for Civil Rights announced a $650,000 settlement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). The press release indicates that CHCS was a business associate of six skilled nursing facilities for which it provided management and information technology services. CHCS experienced a breach when a CHCS-issued employee iPhone was stolen. The press release indicates that the iPhone, which was unencrypted and not… Read More >