Health Law Alert

2012: Issue 12 - Focus on HIPAA/Privacy

FDA Safety and Innovation Act Includes Important Provision Regarding Mobile Health Care Technology

By: James B. Wieland and *Joshua J. Freemire

On July 9, 2012 President Obama signed into law the Food and Drug Administration Safety and Innovation Act [PDF] (FDASIA). [At press-time, a public law version of the bill was not available. The link provided here leads to the "enrolled bill" version of the law which was approved by both the House and Senate and submitted for the President's signature.] The law provides for a host of changes to the existing FDA regulatory framework, including much-debated provisions relating to user fees, altered regulatory processes, and some incentive programs. One section, however, has drawn little attention but may have an outsized impact on the large-and-rapidly-growing mobile health care technology (mHealth) industry.

Click to continue...

Connecticut Medical Examining Board Fines Physician $20,000 for HIPAA Violations

By: James B. Wieland and Joshua J. Freemire

A recent action by the Connecticut Medical Examining Board (a unit of that state's Department of Public Health) should serve to remind covered entities and business associates that it is not only the federal government that can act to enforce HIPAA's privacy requirements. In a consent order dated the 21st of March [PDF] but officially accepted in mid-June, Dr. Gerald Micalizzi accepted a $20,000 fine, six months probation, and additional education requirements for inappropriately accessing the records of patients at Connecticut's Griffin Hospital.

Click to continue...

Recently Released HIPAA Audit Protocol Offers Insight As to Audit Priorities, Best Practices

By: James B. Wieland and Joshua J. Freemire

Covered Entities and Business Associates may be breathing a little easier lately, after the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) made public the detailed audit protocols used by KPMG during the first round of random audits. The protocols contain some surprises, but, at a minimum, their publication ends what had been a nonpublic process. Covered entities and business associates alike should review the protocols even if they were not selected for an audit during this past cycle; the protocols offer some surprising indications of government enforcement priorities and provide a fairly granular "road map" of HHS OCR's interests.

Click to continue...

Figloiozzi and Company Begin Meaningful Use Audits as CMS Designee

By: James B. Wieland and Joshua J. Freemire

A number of health care providers that attested to Meaningful Use for Stage 1 have received a letter from an Figloiozzi and Company, acting as CMS's auditor for the EHR Incentive Program (the "Program" or "Meaningful Use Program"), requesting certain records related to the attestation. CMS has not, as of this writing, made any announcement of this audit initiative or of the engagement of Figloiozzi and Company. While it is always good policy to confirm the identity and authority of any entity claiming a right to review or audit records, these letters are legitimate. Citing its statutory authority under the American Recovery and Reinvestment Act (ARRA), and without any fanfare, CMS has begun to audit the attestation materials.

Click to continue...

Medicaid Pays $1,700,000 to Settle HIPAA Security Violations

By: Sarah E. Swank

In its first enforcement action against a state agency, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled last month with Alaska’s Department of Health and Social Services (DHSS) for HIPAA security violations it reported as required by HITECH. DHSS entered into a settlement agreement [PDF] and agreed to pay $1,700,000 after a USB hard drive (an electronic storage device) potentially containing electronic protected health information (ePHI) was stolen from the vehicle of a DHSS computer technician in October 2009.

Click to continue...

home  | e-mail  |  print

 

Subscribe to our Newsletters