What OCR Considers During Intake & Review of a Complaint

The Office for Civil Rights (OCR) is the agency within the U. S. Department of Health and Human Services that investigates complaints about failures to protect the privacy of health information. It does so under its authority to enforce the Privacy and Security Rules.

OCR carefully reviews all complaints that it receives. Under the law, OCR only may take action on complaints that meet the following conditions.

The alleged action must have taken place after the dates the Rules took effect. Compliance with the Privacy Rule was not required until April 14, 2003. Compliance with the Security Rule was not required until …Read More

Docs Earn More by Whistleblowing; HIPAA

If you’re a witness to wrongdoing by another physician, a hospital, or a pharmaceutical company, you can share in up to 15% of a settlement that’s often in the vicinity of tens of millions of dollars, according to an article in JD Supra.[1]

Whistleblowers were responsible for $3 billion of the $3.8 billion-plus recovered by the US Department of Justice in 2013 under the False Claims Act. Of the total recovered, $2.6 billion came from healthcare entities. And whistleblower-physician plaintiffs are getting rewarded mightily for successful claims—typically receiving a percentage of the government’s recovery, plus attorney fees.

“Whistleblower claims in the healthcare …Read More

Six Ways to Improve Data Security at Your Practice

A married couple — both doctors who shared a medical practice — almost divorced over a HIPAA breach that blindsided them when a patient called to say that her medical records appeared in a Google search and she was filing a lawsuit.

The orthopedist of a small practice didn’t want to fund the cost of an IT service provider to make sure his network was secure.  Instead the doctor hired his cousin who earned his IT stripes fixing performance problems on his own laptop.  Unfortunately, the family member never updated the practice’s malware software and patient data ended up on a …Read More

Lincare set to pay $240,000 HIPAA penalty

As we head further into 2016, the Department of Health and Human Services’ Office of Civil Rights has pledged to step up investigations of reported violations of the Health Insurance Portability and Accountability Act of 1996. According to Dentistry IQ, the government body has also promised to ramp up the number of routine audits for healthcare providers, after executive officials announced that overall compliance with the HIPAA privacy rule will receive even greater scrutiny this year. The privacy rule of HIPAA pertains to the protection of patient health information, and the issue has become of great concern recently due to …Read More

Husband Reports Wife’s HIPAA Violation Triggering Six Figure Penalty Against Employer

For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a provider of respiratory care, infusion therapy, and medical equipment to in-home patients, is required to pay a $239,800 CMP for failure to safeguard its patients’ protected health information (“PHI”) in violation of HIPAA. A U.S. Department of Health and Human Services administrative law judge has upheld the imposition of the CMP and granted summary judgment to OCR on all issues.

OCR began investigating Lincare in …Read More