New Guidance on HIPAA Access Issues: Flat Fees Aren’t the Only Option

HHS recently released a Frequently Asked Question (FAQ) clarifying prior guidance on fees that covered entities may permissibly charge individuals for access to the individuals’ electronic medical records. The guidance stated that “per page” fees (as may be permissible under state laws) would not be considered “reasonable” pursuant to HIPAA where electronic medical records are at issue and would therefore be impermissible for requests for electronic medical records.  HHS noted that many states have not updated these “per page” fee… Read More >

What are MIPS Scores and Why Should Physicians Care?

The Merit-Based Incentive Program (MIPS) is as program established as a result of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).  A proposed rule addressing the MIPS program was released on April 25, 2016 and is scheduled to be published in the Federal Register on May 9, 2016. The MIPS Program will apply to physicians as well as other Medicare Part B clinicians, such as physician assistants, nurse practitioners, clinical nurse specialists, and certified registered nurse anesthetists.  MIPS… Read More >

Lack of HIPAA Business Associate Agreement Proves Costly

The lack of a business associate agreement recently resulted in a $750,000 settlement for alleged HIPAA violations. According to a post on the Department of Health and Human Services website, Raleigh Orthopaedic Clinic  released x-ray films and other protected health information of 17,300 patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver from the x-ray films.  This disclosure would have been permissible if a business associate agreement had been in… Read More >

Recent 3.9 Million HIPAA Settlement Over Improper Disclosure of Research Participant PHI Highlights Need for HIPAA Compliance

On March 17, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) announced a $3.9 million settlement with Feinstein Institute for Medical Research for potential violations of the HIPAA Security Rules. OCR began an investigation after Feinstein filed a breach report indicating that a laptop computer containing electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI at issue included research participant names, dates of birth,… Read More >