Skip to content

New Jersey Attorney General (AG) Gurbir S. Grewal announced on November 2, 2020, that his office has settled with ShopRite’s parent company, Wakefern Food Corp. (Wakefern) and two of its supermarket entities for $235,000 for a data breach that occurred in 2016.

According to the press release, the AG alleged that Wakefern violated HIPAA and the New Jersey Consumer Fraud Act (CFA) by “failing to properly dispose of electronic devices used to collect the signatures and purchase information of pharmacy customers” in its Kingston and Millville ShopRite stores.
Continue Reading ShopRite Settles with New Jersey AG for Data Breach

On October 27, 2020, the FBI and the Department of Homeland Security (DHS) warned the health care industry about “an imminent cybercrime threat to U.S. hospitals and healthcare providers.”

According to the warning, which was shared during a conference call, the government has received “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The information was being shared with participants so that they can take timely precautions to protect their networks from the threat.
Continue Reading Warning to Hospitals of Imminent Threat Released by U.S. Government

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security Rules. The OCR investigation and settlement stemmed from a data breach affecting over six million people.
Continue Reading HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.”

The addition of the five recent settlements brings the total to seven for OCR’s enforcement of the Initiative. The OCR’s press release states that the recent settlement involve five entities: Housing Works, Inc., All Inclusive Medical Services, Inc., Beth Israel Lahey Health Behavioral Sciences and King MD.
Continue Reading OCR Settles Five Investigations Under Right of Access Initiative

On August 24, 2020, the Centers for Medicare & Medicaid Services (CMS) announced an “extension of the timeline” for publication of a final rule addressing changes to the Physician Self-Referral Law (or Stark Law) regulations.  In its announcement, CMS set a new deadline of August 31, 2021 for publication of a final rule.
Continue Reading CMS Extends Timeline for Finalizing Changes to Physician Self-Referral (Stark) Law Regulations to August 2021

On June 12, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued timely HIPAA guidance (Guidance) regarding solicitations of blood and plasma donations from recovered COVID-19 patients.

In the Guidance, OCR affirms that health care providers can use patient information to identify patients that have recovered from COVID-19 to provide information about how they may donate plasma or blood with COVID-19 antibodies to support treatment of other patients with COVID-19. OCR explains that this use of protected health information would be permissible as part of a provider’s health care operations to enable case management of COVID-19 patient populations. OCR also reminds providers that because the activity is a health care operation and not for treatment purposes, HIPAA’s minimum necessary standard applies to any use or disclosure of protected health information in connection with the solicitation of blood or plasma donations.
Continue Reading HHS Issues Guidance for Providers on Soliciting COVID-19 Blood and Plasma Donations

These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare providers answering the question “Does the COVID-19 Public Health Emergency alter the HIPAA Privacy Rule’s restrictions on disclosures of protected health information to the media?” The guidance reminds them “that the HIPAA Privacy Rule does not permit them to give media and film crews access to facilities” in which patient health information may be accessible without the patients’ authorization. This includes any areas of the facility where patients’ protected health information (PHI) may be accessible in any form (e.g., written, electronic, oral, or other visual or audio form).


Continue Reading OCR Issues Guidance About Media Access to Health Care Facilities

Connecticut Governor Ned Lamont recently issued four new executive orders to address the COVID-19 state of emergency (Executive Orders 7CC – 7FF) that contain provisions relevant to health care providers and facilities in the state.  Among other things, the Executive Orders (i) expand access to telehealth services, (ii) expand the available health care workforce, (iii) increase current reporting requirements for long-term care facilities, (iv) allow the Commissioner of the Department of Social Services (DSS) to scale back certain Medicaid program requirements, and (v) update requirements related to out-of-network emergency billing.  A summary of particularly significant changes contained in those Orders follows.
Continue Reading Connecticut Governor Expands Health Care Workforce, Access to Telehealth Services and Issues Other Important Health Care Updates in New Executive Orders