Are Your Business Associate Agreements Up to Date? Recent Settlement Highlights Importance

Care New England Health System (CNE) recently paid $400,000 to settle allegations of HIPAA violations on behalf of covered entities for which CNE had performed administrative and technical services subject to a business associate agreement. CNE and the covered entities’ failure to update their business associate agreement to conform to the changes required by the HIPAA Omnibus Final Rule was one of the allegations giving rise to the settlement following the loss of unencrypted backup tapes containing protected health information. All covered… Read More >

Michigan Selected as a Market for CMS Primary Care Payment Initiative

The Centers for Medicare & Medicaid Services (CMS) recently announced the 10 states chosen for its Comprehensive Primary Care Plus (CPC+) initiative.  Michigan has been chosen for statewide participation.  In addition to Michigan, the following states were selected on either a state-wide or regional basis:  Arkansas, Colorado, Hawaii, Montana, New Jersey, Oklahoma, Oregon, Rhode Island and Tennessee. CMS will enter into a Memorandum of Understanding with selected third party payors in these states. Payment for services to primary care doctors… Read More >

OCR Announces $650,000 HIPAA Settlement Related to Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI

On June 30, 2016, Department of Health and Human Services’ Office for Civil Rights announced a $650,000 settlement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). The press release indicates that CHCS was a business associate of six skilled nursing facilities for which it provided management and information technology services. CHCS experienced a breach when a CHCS-issued employee iPhone was stolen. The press release indicates that the iPhone, which was unencrypted and not… Read More >

New Guidance on HIPAA Access Issues: Flat Fees Aren’t the Only Option

HHS recently released a Frequently Asked Question (FAQ) clarifying prior guidance on fees that covered entities may permissibly charge individuals for access to the individuals’ electronic medical records. The guidance stated that “per page” fees (as may be permissible under state laws) would not be considered “reasonable” pursuant to HIPAA where electronic medical records are at issue and would therefore be impermissible for requests for electronic medical records.  HHS noted that many states have not updated these “per page” fee… Read More >