Dignity Health Settles with OCR for $160,000 for Failing to Provide Access to Records

By Linn Foster Freedman on October 21, 2020 Posted in HIPAA

Continuing with its previous enforcement actions centered on covered entities’ failure to provide patients with access to their health records, the Office for Civil Rights (OCR) announced on October 9, 2020 that it entered into a settlement with Dignity Health, doing business as St. Joseph’s Hospital and Medical Center in Phoenix (St. Joseph’s) for $160,000 for failing to respond to multiple requests of a mother for her son’s records. Continue Reading

Data Breach Regulatory Settlements Update

By Linn Foster Freedman on October 21, 2020 Posted in HIPAA, Privacy and Security

Regulatory bodies are upping the ante when it comes to settling with companies that have suffered data breaches. In addition to the below settlements, see also the settlement between the OCR and Dignity Health.

Community Health Systems, Inc. Settles for $5 M in Multi-State Settlement

On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a 2014 data breach that exposed personal information of approximately 6.1 million patients, including 45,000 New Jersey residents. This is after CHS agreed to pay $2.3 million in settlement for HIPAA violations alleged by the Office for Civil Rights. Read article

Morgan Stanley Settles with OCC for $60 Million

Morgan Stanley has settled claims by the Office of the Comptroller of the Currency (OCC) that it failed to properly decommission data centers that housed client data of its wealth-management operations two times—once in 2016 and once in 2019 for $60 million. Read article

This post is also being shared on our Data Privacy + Cybersecurity Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.

CMS Announces New Telehealth Services Covered by Medicare and Provides States with Medicaid and CHIP Telehealth Expansion Assistance

By Melissa (Lisa) Thompson on October 20, 2020 Posted in Hospitals and Health Systems, Medicare and Medicaid, Physicians and Allied Health Professionals, Reimbursement, Telemedicine

On October 14, 2020, the Centers for Medicare & Medicaid Services (CMS) expanded the list of telehealth services covered by Medicare during the COVID-19 Public Health Emergency. CMS also announced it would be providing additional support to state Medicaid and Children’s Health Insurance Program (CHIP) agencies in delivering telehealth services. CMS added the telehealth services using, for the first time, an expedited process that does not involve rulemaking which had been established by CMS in May 2020. Continue Reading

HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

By Jean Tomasco on September 30, 2020 Posted in HIPAA, Privacy and Security

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security Rules. The OCR investigation and settlement stemmed from a data breach affecting over six million people. Continue Reading

OCR Settles Five Investigations Under Right of Access Initiative

By Linn Foster Freedman on September 17, 2020 Posted in HIPAA, Privacy and Security

The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.”

The addition of the five recent settlements brings the total to seven for OCR’s enforcement of the Initiative. The OCR’s press release states that the recent settlement involve five entities: Housing Works, Inc., All Inclusive Medical Services, Inc., Beth Israel Lahey Health Behavioral Sciences and King MD. Continue Reading

CMS Extends Timeline for Finalizing Changes to Physician Self-Referral (Stark) Law Regulations to August 2021

By Conor Duffy on August 31, 2020 Posted in Academic Medical Centers, COVID-19, False Claims Act, Fraud and Abuse, Government Enforcement, Hospitals and Health Systems, Legislation, Medicare and Medicaid, Physicians and Allied Health Professionals, Privacy and Security, Reimbursement, Stark Law

On August 24, 2020, the Centers for Medicare & Medicaid Services (CMS) announced an “extension of the timeline” for publication of a final rule addressing changes to the Physician Self-Referral Law (or Stark Law) regulations. In its announcement, CMS set a new deadline of August 31, 2021 for publication of a final rule. Continue Reading

COVID-19 Pandemic Brings Telehealth into U.S. Homes

By Conor Duffy and Peter Struzzi on August 14, 2020 Posted in COVID-19, Telehealth

Excerpt of a contributed article published in Medical Economics on August 13, 2020.

The public health emergency (PHE) caused by the COVID-19 pandemic has resulted in systemic changes throughout the nation’s health care system. Almost overnight, health systems, providers and the government were forced to collaborate to ‘stand up’ field hospitals, testing sites, and quarantine procedures, while postponing or cancelling certain elective procedures and ceasing in-person encounters. One of the most significant developments in the response to COVID-19 has been government support for the expansion of telehealth services, which represents a significant departure from longstanding resistance – in the form of regulatory restrictions, payment policies, licensure restrictions, and privacy concerns – to the provision of health care via telehealth. Most recently, the President issued an Executive Order that directs the Secretary of the Department of Health and Human Services (HHS) to propose regulations to codify some of the key telehealth changes, and notes that almost half of Medicare fee-for-service primary care visits during the month of April were provided via telehealth.

This article provides a high-level overview of those changes, highlights key issues for health care providers to monitor as federal and state governments, physicians and patients continue to battle the COVID-19 pandemic, and considers how the post-COVID-19 health care landscape will look for telehealth services. Read the full article.

Connecticut Authorizes Out-of-State Health Care Practitioners to Render Assistance for Remainder of COVID-19 Pandemic

By Conor Duffy on July 29, 2020 Posted in Academic Medical Centers, Ambulance, Ambulatory Surgical Centers (ASC), Commercial Health Insurance, COVID-19, EMTALA, Government Enforcement, Hospitals and Health Systems, Legislation, Managed Care, Medical Staff and Peer Review, Pharmacy Law, Physicians and Allied Health Professionals, Reimbursement, Telemedicine

On July 14, 2020 Connecticut Governor Lamont issued Executive Order No. 7HHH, in which the Governor modified state law to enable the Commissioner of the Department of Public Health (DPH) to temporarily suspend licensure, registration and certification requirements for certain DPH-regulated practitioners for the duration of the state public health and civil preparedness emergency. Notably, in that Executive Order, the Governor stated that “healthcare providers from outside Connecticut have greatly enhanced the provision of healthcare services in Connecticut during the COVID-19 pandemic and thereby fundamentally improved the state’s ability to protect public health at critical time.” Continue Reading

Health Care Providers Continue to Be Hit with Ransomware and Phishing

By Linn Foster Freedman on July 10, 2020 Posted in Privacy and Security

It doesn’t matter in which state you are located, how many patients you treat, what kind of medicine you practice or how many employees you have, if you are a health care provider, you are being targeted and hackers are successful in victimizing you.

That’s my take on the recent Becker’s Health IT article that lists 66 healthcare providers around the country that have suffered a cyber-attack in the form of malware, ransomware or a phishing attack in the first six months of 2020. Although we know that health care providers are being targeted, the list of incidents is sobering.

The only thing that the 66 companies have in common is that they are healthcare providers and the attacks were successful. The list confirms the stark reality of the risk healthcare providers face from cyber-attacks.

CMS Releases Guidance on the Allowance of Telehealth Encounters in eCQMs

By Conor Duffy on July 7, 2020 Posted in COVID-19, Hospitals and Health Systems, Legislation, Medicare and Medicaid, Physicians and Allied Health Professionals, Reimbursement, Telemedicine

On July 2, 2020, the Centers for Medicare and Medicaid Services (CMS) released guidance documents on the allowance of telehealth encounters for the Eligible Professional and Eligible Clinician electronic clinical quality measures (eCQMs) used in CMS quality reporting programs for the 2020 and 2021 performance periods. The guidance applies to eCQMs used in the:

Quality Payment Program: The Merit-based Incentive Payment System (MIPS) and Advanced Alternative Payment Models (Advanced APMs)
APM: Comprehensive Primary Care Plus (CPC+)
APM: Primary Care First (PCF)
Medicaid Promoting Interoperability Program for Eligible Professionals

This Blog/Website is made available by the lawyer or law firm publisher for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and the Blog/Website publisher. The Blog/Website should not be used as a substitute for competent legal advice from a licensed professional attorney in your state. Any opinions expressed on this Blog/Website are opinions only of the author, expressed at the time the material is written based on information available to the author at that time, and are not opinions of the author's law firm or any of the author's or the law firm's clients. Regulations and other government action and guidance referenced on this Blog/Website have not necessarily been subject to judicial review and scrutiny. This Blog/Website is not intended to be attorney advertising. To the extent it might be deemed to be attorney advertising, it should not be considered advertising or to be seeking legal work in any jurisdiction in which the author is not admitted to practice law.