Lack of HIPAA Business Associate Agreement Proves Costly

The lack of a business associate agreement recently resulted in a $750,000 settlement for alleged HIPAA violations. According to a post on the Department of Health and Human Services website, Raleigh Orthopaedic Clinic  released x-ray films and other protected health information of 17,300 patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver from the x-ray films.  This disclosure would have been permissible if a business associate agreement had been in… Read More >

Recent 3.9 Million HIPAA Settlement Over Improper Disclosure of Research Participant PHI Highlights Need for HIPAA Compliance

On March 17, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) announced a $3.9 million settlement with Feinstein Institute for Medical Research for potential violations of the HIPAA Security Rules. OCR began an investigation after Feinstein filed a breach report indicating that a laptop computer containing electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI at issue included research participant names, dates of birth,… Read More >

OCR To Begin HIPAA Audits of Covered Entities and Business Associates

The HHS Office for Civil Rights (OCR) announced on March 21, 2016 that it has launched “Phase 2” of its HIPAA Audit Program. OCR will audit the policies and procedures of both covered entities and their business associates.  OCR stated that the audits will be performed primarily as “desk audits” although some on-site audits may also be conducted. Covered entities and business associates selected for audit will first receive an email requesting verification of its contact information.  OCR is alerting… Read More >

DOJ Announces $3.2 Million Settlement with California Hospital Over Alleged Stark Law Violations

The Department of Justice recently announced a $3.2 Million settlement with Tri-City Medical Center related to allegations it violated the Stark Law and False Claims Act.  Tri-City Medical Center, a hospital in Oceanside, California, allegedly maintained financial arrangements with community-based physicians and physician groups that failed to comply with the Stark Law.   Stark, the physician self-referral law, forbids a hospital from billing Medicare for certain services referred by physicians who have a financial relationship with the hospital unless that… Read More >