Health Law Alert
2011: Issue 4 - Focus on HIPAA/Privacy
HIPAA Audits Are Coming: KPMG Contracted to Perform 150 Audits Through 2012
By: James B. Wieland and Joshua J. Freemire
The HITECH Act required the Department of Health and Human Services (HHS) to conduct periodic audits of providers and business associates to ensure their compliance with statutory and regulatory requirements governing the privacy and security of electronic health records. In answer, the HHS Office of Civil Rights (OCR) has contracted with KPMG to develop a HIPAA auditing protocol and conduct audits of 150 covered entities and business associates. The HITECH Act does not detail what such audits might entail, but based on the requirements outlined in the OCR's solicitation, Jim Wieland and Josh Freemire provide an overview of what providers and business associates can expect from a HIPAA audit.
Why You Need to Worry AGAIN about HIPAA: Seven Practical Tips in the New Electronic Age
By: Sarah E. Swank
With the onset of HIPAA, health care organizations diligently developed the policies and workforce training programs necessary to secure the privacy of their patients' medical records. Processes change quickly in the world of technology, however, and in many cases those policies and training programs have become outdated and no longer focus on the current trends in the use of electronic health records. Sarah Swank offers seven practical tips to help organizations prevent privacy incidents in the new electronic age.
Breach Reporting Plans: Practical Preparation for the (Almost) Inevitable Breach
By: James B. Wieland and Joshua J. Freemire
The Breach Notification Rule requires covered entities and their business associates to report most breaches of unsecured protected health information both to the subject individuals and to HHS. In addition to the federal reporting requirement, individual states have consumer protection laws that impose even stricter requirements and shorter timelines for reporting data breaches. Josh Freemire and Jim Wieland advise taking practical steps in anticipation of a breach and offer a series of steps for organizations to follow in their breach response preparations.
Corrective Action Plans Can Mean Significant Compliance Monitoring Requirements
By: James B. Wieland and Joshua J. Freemire
As the government moves into a phase of increased enforcement of HIPAA Privacy and Security Rules, providers can anticipate a greater likelihood that they will be the subjects of HHS OCR investigations and possible penalties. This more aggressive enforcement activity has, in turn, brought an elevated severity of the corrective action imposed upon providers found to be in noncompliance, as HHS OCR adds Resolution Agreements and Corrective Action Plans (CAPs) to its enforcement toolkit. Jim Wieland and Josh Freemire have assessed recent resolution agreements, breaking down the reporting and monitoring responsibilities to which providers are obligating themselves - requirements that more resemble a corporate integrity agreement than a simple settlement agreement.
UCLA Resolves Privacy and Security Rule Violations
By: James B. Wieland and Joshua J. Freemire
Following an HHS OCR investigation into two complaints regarding inappropriate access to patient medical records, University of California at Los Angeles Health System agreed to pay $865,000 and enter a three-year corrective action plan. The details of the UCLA CAP, as discussed by Josh Freemire and Jim Wieland, highlight the administrative costs and burdensome reporting and monitoring requirements that HIPAA compliance failures can entail.