Health Law Alert
2012: Issue 10 - Focus on White Collar
Failure to Investigate - A Trap for Complacent Board Members
By: Virginia B. Evans* and Gina L. Simms
You are a hospital CEO, spending a quiet afternoon in your office when a disgruntled member of a local medical practice barges in and begins complaining that he is being treated unfairly. He tells you that he is not getting the same amount of time in the Cardiac Cath Lab as other physicians, that another physician got a better sign-on bonus than he did, and that the space that he rents from the hospital is smaller than a neighboring practice's space. Inwardly, you sigh, while outwardly you listen attentively. In the back of your mind you are hoping that maybe this will all blow over by next week. However, because you are conscientious, you report "Dr. Smith's" complaint to the Board of Directors at their next meeting. Together, you and the Board discuss whether and how to investigate his complaint. Everyone hopes that Dr. Smith will let things go. The allegations are meritless. He is just unhappy. Other matters rise to the Board's attention and weeks later, Dr. Smith's complaints remain largely ignored.
What potential jeopardy does the Board face by the organization's failure to investigate? Ignoring complaints can create a trap for unwary board members and executives. What if Dr. Smith has really identified a Stark1 problem?Click to continue...
State Enforcement Action for HIPAA Violations Set to Increase
Massachusetts Hospital Settles Improper Record Disposal Accusations as OCR Makes Public Its State AG Training Materials
After two boxes of un-encrypted backup tapes were lost in shipment (and following a two-year investigation by the Attorney General of Massachusetts) South Shore Hospital (SSH) in Massachusetts has agreed to a settlement of $750,000 for failure to adequately safeguard patient health information under the Health Information Portability and Accountability Act (HIPAA) and state consumer protection laws. SSH's settlement [PDF], much like the federal Office of Civil Rights' (OCR's) “Resolution Agreements” also requires broad and ongoing compliance and third-party auditing activities likely to result in substantial additional costs. The state's action could be seen as emblematic of a new rise of state, rather than federal, enforcement action against both providers and their business associates. State attorneys general, thanks to changes made by the Health Information Technology for Economic and Clinical Health (HITECH) Act, are learning to wield newfound authority to bring lucrative civil actions based on violations of federal HIPAA requirements and state consumer protection and privacy laws.Click to continue...