OCR Announces $650,000 HIPAA Settlement Related to Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI

On June 30, 2016, Department of Health and Human Services’ Office for Civil Rights announced a $650,000 settlement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). The press release indicates that CHCS was a business associate of six skilled nursing facilities for which it provided management and information technology services. CHCS experienced a breach when a CHCS-issued employee iPhone was stolen. The press release indicates that the iPhone, which was unencrypted and not… Read More >

New Guidance on HIPAA Access Issues: Flat Fees Aren’t the Only Option

HHS recently released a Frequently Asked Question (FAQ) clarifying prior guidance on fees that covered entities may permissibly charge individuals for access to the individuals’ electronic medical records. The guidance stated that “per page” fees (as may be permissible under state laws) would not be considered “reasonable” pursuant to HIPAA where electronic medical records are at issue and would therefore be impermissible for requests for electronic medical records.  HHS noted that many states have not updated these “per page” fee… Read More >

What are MIPS Scores and Why Should Physicians Care?

The Merit-Based Incentive Program (MIPS) is as program established as a result of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA).  A proposed rule addressing the MIPS program was released on April 25, 2016 and is scheduled to be published in the Federal Register on May 9, 2016. The MIPS Program will apply to physicians as well as other Medicare Part B clinicians, such as physician assistants, nurse practitioners, clinical nurse specialists, and certified registered nurse anesthetists.  MIPS… Read More >

Lack of HIPAA Business Associate Agreement Proves Costly

The lack of a business associate agreement recently resulted in a $750,000 settlement for alleged HIPAA violations. According to a post on the Department of Health and Human Services website, Raleigh Orthopaedic Clinic  released x-ray films and other protected health information of 17,300 patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver from the x-ray films.  This disclosure would have been permissible if a business associate agreement had been in… Read More >