Tag Archives: HIPAA

DOJ Announces Criminal Conviction of Physician for HIPAA Violation

On April 30, 2018 a Massachusetts physician was convicted of a criminal violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as well as one count of obstruction of a criminal health care investigation, in a Massachusetts federal court. The convictions relate to the purported sharing of confidential patient information by the physician with pharmaceutical sales representatives that allowed the pharmaceutical company to target patients with specific conditions (and to correspondingly facilitate the receipt of prior authorizations for the company’s drugs from patients’ insurers).…

Connecticut Supreme Court Recognizes Common-Law Cause of Action for Unauthorized Disclosure of Confidential Medical Information

In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to a cause of action in tort, unless the disclosure is otherwise permitted by law.

In Byrne v. Avery Center for Obstetrics and Gynecology, P.C., the Court considered – for a second time – the …

CMS Issues Guidance on Texting Patient Information

On December 28, 2017, the Centers for Medicare and Medicaid Services (CMS) published a memo to state survey agency directors clarifying its position on the use of text messaging among health care providers. In its memo, CMS stated that it does not permit texting of patient orders by health care providers, as texting of patient orders does not comply with the applicable Medicare conditions of participation (COPs), specifically 42 C.F.R. § 489.24. Instead of texting patient orders, CMS states that its preference is for health care providers to either hand-write …

$5.5 Million HIPAA Settlement Emphasizes Importance of Audit Controls of Access by OHCA Affiliates

On February 16, 2017, the Office for Civil Rights (OCR) announced a $5.5 million settlement with South Broward Hospital District d/b/a Memorial Healthcare System (Healthcare System), to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The Healthcare System is a nonprofit corporation that operates several hospitals, an urgent care center, a nursing home, and ancillary health care facilities throughout south Florida.  The Healthcare System is also affiliated with physician offices through an Organized Health Care Arrangement (OHCA).…

21st Century Cures Act – Implications for Investigators and Research Sites

Below is a summary of some of the key provisions relevant to investigators and research sites included in the recently enacted, bipartisan 21st Century Cures Act, including human subjects protections and the privacy and security of health information used in clinical research.  Among other requirements, the Act:

*requires the Department of Health and Human Services (HHS) to harmonize the U.S. Food and Drug Administration (FDA) Human Subjects Regulations with the HHS Human Subject Regulations (the Common Rule), which should help streamline research that falls under both sets of regulations;…

OCR’s HIPAA Guidance on Cloud Computing

On October 6, 2016, the Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance).  The Guidance was intended to help covered entities and business associates understand their HIPAA obligations in cloud computing arrangements, and clarify the HIPAA obligations of cloud service providers (CSPs). The Guidance noted in part that:

  • CSPs that create, receive, maintain or transmit electronic protected health information (ePHI) are classified as “business associates” under HIPAA. If a covered entity or business associate uses a CSP to perform any of these functions, it must enter
LexBlog