Patient testimonial postings lead to $25,000 HIPAA privacy fine

Federal regulators have announced a privacy investigation settlement that could affect how any entity that collects protected health information (PHI) uses consumer testimonials.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) says it has negotiated the settlement with Complete P.T., Pool & Land Physical Therapy Inc., a Los Angeles physical therapy practice.

In 2012, the practice posted testimonials from happy patients, including full names and photos, on the Web without getting what OCR classifies as valid authorizations, according to an OCR settlement announcement and a copy of the settlement agreement posted on the OCR website.

OCR officials say the Health …

Reminder: Deadline for Reporting 2015 HIPAA Breaches Fast Approaching

Covered entities that experienced a HIPAA breach in calendar year 2015 are required to report all such breaches affecting fewer than 500 individuals to OCR by Monday, February 29, 2016. The reports must be submitted via OCR’s online portal, available here. This yearly reporting obligation is in addition to the requirement to report large breaches — those affecting 500 or more individuals — within 60 days of discovering the breach.

This is also an appropriate time to review and update breach notification policies and procedures to make sure that covered entities have in place the appropriate mechanisms to notify OCR timely and appropriately.

Khan …

HIMSS16 Social Media Ambassador Matthew Fisher: HIPAA audits will reveal mass noncompliance

Matthew R. Fisher chairs the Health Law Group within the firm Mirick O’Connell in Worcester, Massachusetts, a fitting role given his passion for understanding the practicality of healthcare regulations in the real world.

At the end of this month at HIMSS16 he’ll bring this legal background to the Social Media Ambassadors program.

Fisher shared insights including understanding the next steps for IT security in healthcare, the microbreweries he cannot wait to visit in Las Vegas, and what he’s most looking forward to at the conference.

Q: One health IT prediction for 2016?

A: I think the HIPAA audits will finally occur. After the first …

Avoid HIPAA Violation, Billing Issues at Your Practice

By Ericka L. Adler

I sometimes find myself on the consumer end of the healthcare issues on which I advise my clients. Each experience is a learning opportunity I try to share with them. For instance, I recently received a bill from a practice in Massachusetts addressed to my 13-year-old son.

The bill outlined services provided by various different physicians, previous amounts paid and/or reimbursed by insurance (naming the insurer) and the amount due for services. There was nothing about the patient’s treatment in the past year that I could not tell by looking at this bill, including drugs injected …

Williamson Memorial Hospital

Delbarton man accuses Williamson Memorial of HIPAA violations

CHARLESTON – A Delbarton man is suing Williamson Memorial Hospital after he claims it violated HIPAA by disclosing personal information about his surgery.

William Bub Prater was also named as a defendant in the suit.

On Oct. 7, John William Ray was to have surgery performed at Williamson by Dr. Subhash Vyas and Prater was part of the surgical team, according to a complaint filed Dec. 22 in Mingo Circuit Court and removed to federal court on Jan. 26.

Ray claims Vyas performed the surgery to remove an abscess from his testicle and the following Sunday and forced him to provide him with …

Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

How many victims? 91,000

What type of information? Social Security numbers, birthdates, Apple Health client ID numbers and private health information.

What happened? Two state workers from separate state agencies exchanged Apple Health client files, after the HCA employee requested technical assistance with spreadsheets containing the private data. This HIPAA violation was uncovered during an unrelated whistleblower investigation into misuse of state resources.

What was the response? HCA conducted a joint internal investigation with the other involved …

Are doctors ready for their customer reviews on Yelp? Not really!

Healthcare providers might be in for a rude awakening in 2016.

This year is quickly shaping up to be the one in which digital media moves from having an ancillary impact on healthcare organizations, to one in which it plays just as central a role as it does in other industries.

Blatant warning signs started to crop up in late 2015, but thankfully, there are ways to prepare.

One provider’s (very public) mistake

Before the age of digital and social media, the repercussions around HIPAA violations were somewhat limited in terms of reputation.

Of course, public notification was required, but most concerns stopped after a few traditional media announcements. Today though, …

What OCR Considers During Intake & Review of a Complaint

The Office for Civil Rights (OCR) is the agency within the U.S. Department of Health and Human Services that investigates complaints about failures to protect the privacy of health information. It does so under its authority to enforce the Privacy and Security Rules.

OCR carefully reviews all complaints that it receives. Under the law, OCR may take action only on complaints that meet the following conditions.

The alleged action must have taken place after the dates the Rules took effect. Compliance with the Privacy Rule was not required until April 14, 2003. Compliance with the Security Rule was not required until …

Docs Earn More by Whistleblowing; HIPAA

If you’re a witness to wrongdoing by another physician, a hospital, or a pharmaceutical company, you can share in up to 15% of a settlement that’s often in the vicinity of tens of millions of dollars, according to an article in JD Supra.[1]

Whistleblowers were responsible for $3 billion of the $3.8 billion-plus recovered by the US Department of Justice in 2013 under the False Claims Act. Of the total recovered, $2.6 billion came from healthcare entities. And whistleblower-physician plaintiffs are getting rewarded mightily for successful claims—typically receiving a percentage of the government’s recovery, plus attorney fees.

“Whistleblower claims in the healthcare …

Six Ways to Improve Data Security at Your Practice

A married couple — both doctors who shared a medical practice — almost divorced over a HIPAA breach that blindsided them when a patient called to say that her medical records appeared in a Google search and she was filing a lawsuit.

The orthopedist of a small practice didn’t want to fund the cost of an IT service provider to make sure his network was secure. Instead, the doctor hired his cousin, who earned his IT stripes fixing performance problems on his own laptop. Unfortunately, the family member never updated the practice’s malware software and patient data ended up on a …