Are Your Business Associate Agreements Up to Date? Recent Settlement Highlights Importance

Care New England Health System (CNE) recently paid $400,000 to settle allegations of HIPAA violations on behalf of covered entities for which CNE had performed administrative and technical services subject to a business associate agreement. CNE and the covered entities’ failure to update their business associate agreement to conform to the changes required by the HIPAA Omnibus Final Rule was one of the allegations giving rise to the settlement following the loss of unencrypted backup tapes containing protected health information. All covered… Read More >


Chief Administrative Law Judge Chappell issued an initial decision in the Federal Trade Commission action against LABMD, Inc., dismissing the case against the now defunct LABMD.   In his decision ALJ Chappell determined that: “To impose liability for unfair conduct under Section 5(a) of the FTC Act, where there is no proof of actual injury to any consumer, based only on an unspecified and theoretical “risk” of a future data breach and identity theft injury, would require unacceptable speculation and would… Read More >

FDA Guidelines on Cybersecurity for Medical Devices

On October 2, 2014 the Food and Drug Administration (FDA) issued guidelines for the Management of Cybersecurity in Medical Devices.   The document notes these are guidelines and not legally enforceable responsibilities.  However, with the health care world facing significant risk from hackers, medical device companies should be aware that failure to maintain cybersecurity can result in compromised device functionality, loss of data (medical or personal), or exposure of other connected devices or networks to security threats. The guidelines recommend that… Read More >

Caremark Settles False Claims Act Allegations

On Friday, the U.S. Department of Justice announced that Caremark, LLC will pay $6 million to settle allegations under the False Claims Act.  The U.S. government alleged that Caremark knowingly failed to reimburse Medicaid for prescription drug costs who also were eligible for coverage under Caremark private health plans. The government alleged that Caremark’s RxCLAIM computer platform allegedly failed to pay the full amount due on certain claims because it improperly deducted certain co-payment or deductible amounts when calculating payments. … Read More >