CMS Releases Clarification Regarding Texting of Patient Orders

On December 28, 2017, the Director of the CMS Survey and Certification group issued a memorandum clarifying CMS’ stance on the texting of orders.  Specifically, the memorandum notes that a prohibition on texting applies to patient orders, which should be entered into the medical record by a handwritten note or Computerized Provider Order Entry (CPOE) which is immediately downloaded into the patient’s electronic health record, but never through a text message. As far as texting other communications between health care… Read More >

2.5 Million Dollar HIPAA Settlement Highlights Three Important HIPAA Lessons

On April 24, 2017, the Office of Civil Rights (OCR) for the Department of Health and Human Services (the entity in charge of enforcing HIPAA) announced a $2.5 million dollar settlement with CardioNet. CardioNet self-reported (as required by the Breach Notification Rule) an incident where an employee’s laptop was stolen from a locked car.  When OCR investigated the incident, it alleged that CardioNet had not completed a sufficient HIPAA “risk analysis” and had not finalized its policies and procedures. Three… Read More >

OCR Phishing Scam: Reminder to Use Caution

On November 28, 2016, the Office for Civil Rights for the Department of Health and Human Services issued an alert notifying providers of a “phishing” email.  According to the alert, the email is being circulated on fake HHS Departmental letterhead under the signature of Jocelyn Samuels, the OCR Director.  Recipients are prompted to click on a link regarding the HIPAA Audit program, however the link takes individuals to a non-governmental website which markets a private firm’s cybersecurity services.  The OCR… Read More >

OCR Announces $650,000 HIPAA Settlement Related to Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI

On June 30, 2016, Department of Health and Human Services’ Office for Civil Rights announced a $650,000 settlement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). The press release indicates that CHCS was a business associate of six skilled nursing facilities for which it provided management and information technology services. CHCS experienced a breach when a CHCS-issued employee iPhone was stolen. The press release indicates that the iPhone, which was unencrypted and not… Read More >