Tag Archives: protected health information

HIPAA Business Associate Pays $2.3 Million Settlement After Hackers Target PHI of Over 6 Million Individuals

Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of Tennessee, agreed to pay $2,300,000 to the Office for Civil Rights (OCR) in settlement of potential violations of HIPAA’s Privacy and Security Rules. The OCR investigation and settlement stemmed from a data breach affecting over six million people.…

OIG Audit Finds that Majority of Part D Providers Surveyed Used E1 Transactions for Potentially Inappropriate Purposes

The Centers for Medicare and Medicaid Services (CMS) requested an audit by the Office of Inspector General (OIG) of Medicare Part D eligibility verification transactions (E1) transactions. The OIG recently released its report which found that the majority of the providers evaluated used E1 transactions for some inappropriate purpose other than to bill for a prescription or to determine drug coverage billing order.

What are E1 transactions and why is this information disturbing?…

Dumpster Diving Leads to $100,000 Fine for Defunct Business Associate Due to Improper Disposal of Medical Records

On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located in Illinois, acted as a business associate under HIPAA.

OCR initiated an investigation in February, 2015, after receiving an anonymous complaint concerning medical records that had been discovered and delivered to a facility for shredding …

CMS Issues Guidance on Texting Patient Information

On December 28, 2017, the Centers for Medicare and Medicaid Services (CMS) published a memo to state survey agency directors clarifying its position on the use of text messaging among health care providers. In its memo, CMS stated that it does not permit texting of patient orders by health care providers, as texting of patient orders does not comply with the applicable Medicare conditions of participation (COPs), specifically 42 C.F.R. § 489.24. Instead of texting patient orders, CMS states that its preference is for health care providers to either hand-write …

LexBlog