OR PHONE (866) 635-1838 for Bankruptcy Help, (866) 635-6190 for Divorce,
(866) 635-2689 for Personal Injury or (866) 635-9402 for Criminal Defense

Find a Local Lawyer

Bankruptcy (866) 635-1838
Divorce (866) 635-6190
Personal Injury (866) 635-2689
Criminal Defense (866) 635-9402

Health Law

HIPAA Health Law & Technology HIPAA Health Law & Technology

Legal developments, issues, and other pertinent information relating the creation, use, and exchange of health information. Topics include EHRs and PHRs; HIEs, RHIOs, and EHR networks; privacy and security; breaches; and recent legislation.
By Helen Oscislawski

Post Frequency: 7/day

Last Entry: January 26, 2015 at 14:43:05

Recent Entries: 365

Track this blog ()

Go to HIPAA Health Law & Technology, find other Health Law blogs, or browse all law blogs.

This Blog Only All Blogs


Medicare ACO Claims Data Sharing and Opt-Out, Take 2

Posted on January 26, 2015
I had an interesting conversation with Mike Barrett, Chairman of the National Association of ACOs, as a result of my January 7th post on the Medicare beneficiary opt-out process described in Medicare Shared Savings Program (?MSSP?) regulations proposed by the Centers for Medicare & Medicaid Services (?CMS?)...

HIPAA Compliance Trends for 2015

Posted on January 20, 2015
As she had done in 2014, Marla Durben Hirsch interviewed my partner Elizabeth Litten and me for her annual Medical Practice Compliance Alert article on compliance trends for the New Year. While the article, which was entitled ?6 Compliance Trends That Will Affect Physician Practices in 2015,? was published in the January 5, 2015 issue...

New NJ Standard More Stringent than HIPAA

Posted on January 13, 2015
New Jersey Governor Chris Christie signed a bill (S.562)into law on January 9, 2015 that will impose a standard more stringent than HIPAA on health insurance carriers authorized (i.e., licensed) to issue health benefits plans in New Jersey. Effective August 1, 2015, such carriers will be required to secure computerized records that include certain personal...

?No? to ACO Data Sharing? Proposed Rules Tweak Medicare Beneficiary Opt-Out Notice Procedure

Posted on January 07, 2015
Medicare beneficiaries whose healthcare providers participate in an Accountable Care Organization (ACO) under the Medicare Shared Savings Program (MSSP) may want to add the Centers for Medicare & Medicaid Services (CMS) website, ?Medicare & You?, to their lists of favorite internet links if they don?t want their Medicare claims data shared...

To access this complete feed in the blog feed reader login or register for free.

HIPAA Hurdles in 2015

Posted on December 30, 2014
Nearly a year ago, as described in an earlier blog post, one of my favorite health industry journalists, Marla Durben Hirsh, published an article in Medical Practice Compliance Alert predicting physician practice compliance trends for 2014. Marla quoted Michael Kline?s prescient prediction that HIPAA would increasingly be used as ?best practice? in actions brought in...

HIPAA Holiday Cheer (Lament?)

Posted on December 23, 2014
On the twelfth day of breaches my hacker sent to me: Twelve Data Downloads Eleven Plundered Patches Ten Missed BA Contracts Nine Malware Installs Eight Mis-sent Faxes Seven Stolen Laptops Six Snooping Staffers Five Old NPPs Four Lost Thumbdrives Three Re-sent Texts Two Pop-up Links ? And a Bill for Compliance Auditing...

Connecticut ?Opens Floodgates? for HIPAA Litigation

Posted on December 17, 2014
My partner Elizabeth Litten and I were recently interviewed for an article entitled ?Connecticut ?opens floodgates? for HIPAA litigation? published in ?Privacy this Week? by DataGuidance. The full text of the article can be found in the November 13, 2014 issue of ?Privacy this Week,? but a discussion of the article is set forth below...

Celebrities? Health Information Compromised by Sony Hacking

Posted on December 09, 2014
Fox Rothschild partner Scott Vernick recently appeared as a guest on the Willis Report to discuss the fallout of the hacking of Sony Pictures Entertainment. Click here to view the segment. Celebrities? individually identifiable health information, some of which appears to be protected health information (?PHI?) under HIPAA, was among the sensitive personal data hacked...

Michael Kline?s ?List of Considerations? for Indemnification Provisions in Business Associate Agreements

Posted on November 18, 2014
I strongly urgeeverycovered entityand business associatefaced with a Business Associate Agreement that includes indemnification provisions to read Michael Kline’s “List of Considerations” before signing. Michael’s list, included inan article he wrote that was recently published in the American Health Lawyers Association’s “AHLA Weekly” and available here, highlights practical and yet not obvious considerations...

OCR: HIPAA Privacy Rule ?Not Set Aside in an Emergency?

Posted on November 12, 2014
The threats to health privacy in the face of the Ebola scare has not escaped the notice of the Office of Civil Rights (OCR). As we reported last month, a great deal of information regarding the identity and condition of individuals who may have been exposed to or treated for Ebola has appeared in news...

Connecticut Supreme Court Decision Depicts Rubik?s Cube of Federal and State Privacy and Security Compliance

Posted on November 11, 2014
As if compliance with the various federal privacy and data security standards weren’t complicated enough, we may see state courts begin to import these standards into determinations of privacy actions brought under state laws. Figuring out which federal privacy and data security standards apply, particularly if the standards conflict or obliquely overlap, becomes a veritable...

Connecticut Supreme Court Recognizes Individual?s Right for State Tort Action Using HIPAA as Standard of Care

Posted on November 09, 2014
The Connecticut Supreme Court handed down a decision in the case of Byrne v. Avery Center for Obstetrics and Gynecology, P.C., — A.3d —-, 2014 WL 5507439 (2014) that [a]ssuming, without deciding, that Connecticut’s common law recognizes a negligence cause of action arising from health care providers’ breaches of patient privacy in the context of...

Patient Support Groups, Email and the Duty to Warn

Posted on November 05, 2014
I was recently asked whether the sending of an unencrypted group email to participants in a health-related support group violated HIPAA. Faithful blog readers can guess my first question: ?Was the sender a covered entity, business associate, or subcontractor?? Many support group entities are non-profit organizations staffed by volunteers and do not meet the definition...

Medical Device, ?Heal Thyself? from Data Hacking

Posted on October 27, 2014
Innovative health care-related technology and developing telemedicine products have the potential for dramatically changing the way in which health care is accessed. The Federation of State Medical Boards (FSMB) grappled with some of the complexities that arise as information is communicated electronically in connection with the provision of medical care and issued a Model Policy...

Which Privacy Protections Apply? HIPAA, FERPA and Ebola

Posted on October 22, 2014
Recent news articles regarding a New Jersey elementary school?s handling of the enrollment of two new students from Rwanda provided another glimpse of Ebola hysteria and the opportunity for me to follow up on Bill Maruca?s blog about Ebola and HIPAA with yet another (fairly obscure) statutory acronym...

Ebola In The News ? Is Too Much PHI Being Revealed And By Whom?

Posted on October 15, 2014
The names and photos of the late Thomas Eric Duncan and his former nurse Nina Pham are all over news media reports of the first cases of Ebola in the United States. But just how did news outlets learn their identities? Or, as my assistant asked me this morning, ?isn?t this a HIPAA violation?? as...

Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Posted on October 15, 2014
LabMD, Inc. CEO Michael J. Daugherty continues to doggedly defendLabMD against an action brought bythe Federal Trade Commission (FTC)against LabMD based onSection 5 of the FTC Act. He now has an opportunity to prove himself the ?good guy? following last week?s decision by Chief Administrative Law Judge D...

Beware of Social Utilities Bearing New Apps Gifts

Posted on October 06, 2014
Michael Coco writes: I have never considered myself to be at the forefront of the newest technology. Those familiar with the Technology Adoption Lifecycle might even classify me as a ?laggard.? For example, I don?t own a Blu-ray player, a first-generation iPod nano controls the music in my car, and the only reason I bought...

?Step Away from that Subpoena? and Review HIPAA Obligations Before Producing PHI

Posted on October 01, 2014
If you receive a subpoena, discovery request, or even a court order demanding the release or production of documents or files that may contain protected health information (PHI), are you obligated to comply? The surprising answer, in many cases, is ?no?...

Countdown to September 22nd ? Shortcuts for Business Associate Agreement Compliance

Posted on September 09, 2014
The deadline for executing a HIPAA Omnibus Rule-compliant Business Associate Agreement (BAA) looms just 2 short weeks from today. What can a busy covered entity (CE) or business associate (BA) do quickly to show HHS (let alone its business partners/contractors) that it wants and fully intends to comply with the new requirements? Here are3 shortcuts...

Is that Cute Baby Photo Really PHI? Calming the HIPAA Hullabaloo

Posted on August 14, 2014
Last Sunday?s New York Times article by Anemona Hartocollis on the illegality of posting baby pictures in a doctor?s office made me wonder if anyone I know could pick my kids’ facesout of a line up of cute newborn photos postedon the wall of a doctor?s office...

The Parade of Major Reported PHI Breaches Surges to 885 ? Theft and Loss Dominate the Numbers

Posted on July 30, 2014
The number of large breaches of Protected Health Information (PHI) under HIPAA that have been reported on the so-called ?Wall of Shame? (the HHS List) maintained by the U.S. Department of Health and Human Services has jumped by 239 to 885 in less than a year...

Two Months to Amend HIPAA Business Associate Agreements for Omnibus Compliance, But Beware the Bare Bones BAA

Posted on July 22, 2014
Does your business associate agreement (BAA) reflect your business deal, or is it a bare bones HIPAA compliance document? Now is the time to check. The HIPAA ?Omnibus Rule? published in January of 2013 gave covered entities, business associates, and subcontractors until September 22, 2014 to make their business associate agreements (BAAs) compliant, so use...

Hobby Lobby, HIPAA and Happy Independence Day

Posted on July 03, 2014
The recent United States Supreme Court decisioninBurwell v. Hobby Lobby Stores, Inc. has attorneys, pundits, policy-makers and businesses (yes, corporations are people, too) pondering big, quintessentially American issues like the free exercise of religion, compelling government interests, and our fundamental right to make money (and, as a corollary issue, what distinguishes for-profit from not-for-profit corporations)...

Paper Records HIPAA Violation Results in $800,000 Payment under HHS Resolution Agreement

Posted on June 29, 2014
My partner Elizabeth Litten was quoted at length by Alexis Kateifides in his recent article in DataGuidance entitled ?USA: ‘Unique’ HIPAA violation results in $800,000 settlement? While the full text can be found in the June 26, 2014 article in DataGuidance...

PHI Data Breaches just went from Bad Dream to Nightmare in West Virginia

Posted on June 13, 2014
Michael Cocowrites: The dreaded PHI data breach is every covered entity?s bad dream, but the West Virginia Supreme Court just turned that bad dream into a nightmare. The court decided a case, Tabata v. Charleston Area Medical Center, Inc., brought on behalf of thousands of patients requesting class certification to sue the medical center for...

Risky (Health Care) Business: Disclosure of FTC Data Security Enforcement Potential to Investors and Other Third Parties

Posted on June 09, 2014
Readers of this blog know that we have been tracking the FTC?s recent data security enforcement activities with a particular focus on the FTC v. LabMD case. As reported by Cause of Action, a nonprofit organization involved in the defense of LabMD, the LabMD trial was put on hold on May 30, 2014 until June...

Will Unearthing the FTC?s Data Security Standards Help the Health Care Industry?

Posted on May 07, 2014
As a regulatory lawyer, I frequently find myself parsing words and phrases crafted by legislators and agencies that, all too often, are frustratingly vague or contradictory when applied to a particular real-world and perhaps unanticipated (at the time of drafting) scenario...

Unencrpyted Laptops Prove Costly

Posted on April 24, 2014
Is the PHI on all your mobile devices encrypted? If not, here?s another two million reasons to make encryption your top priority. The Office of Civil Rights (OCR) of the Department of Health and Human Services announced on April 22, 2014 that they had imposed nearly $2 million in penalties on two entities as a...

When the Long Arm of HIPAA Reaches into Mergers, Acquisitions and Asset Sales of Health Care Practices

Posted on April 18, 2014
Michael J. Coco writes: If you have ever bought or sold a business, or you have experience with the process, you are aware of the due diligence efforts and multiple agreements required to close the deal. Transactions involving the sale or purchase of health care related business, such as a medical practice, often take the...

Bloggers, promote your law blog by nominating your blog for inclusion in USLaw.com's Law Blog Directory and RSS Reader. Benefits described.
Related Law Bulletins

Related Law Articles

Related Law Questions

Related Searches

US Law
#1 Online Legal Resource

Your Blog Subscriptions
Subscribe to blogs

10,000+ Law Job Listings
Lawyer . Police . Paralegal . Etc
Earn a law-related degree
Are you the author of this blog? Adding USLaw.com to your Blogroll increases relevance. You qualify to display a USLaw Network badge.
Suggest changes to this blog's description or nominate another for inclusion. Register for updates.

Practice Area
Zip Code:

Contact a Lawyer Now!


0.3537 secs (from cache 01/30/15 16:20:38)