Archives: Privacy & Security/HIPAA/HITECH

Subscribe to Privacy & Security/HIPAA/HITECH RSS Feed

Don’t miss Emerging Issues in Healthcare Law

Emerging Issues in Healthcare Law is coming to the Big Easy. The American Bar Association’s 18th annual conference is slated for New Orleans March 8-11. Husch Blackwell is a platinum sponsor of this event featuring the most emergent topics facing the healthcare bar. As the industry faces changes and continues to grow under healthcare reform … Continue Reading

St. Clair v. CVS Pharmacy, Inc. and healthcare calls under the TCPA’s emergency purpose exception

A California federal court handed down a decision last Friday that may further influence how healthcare entities should approach the Telephone Consumer Protection Act’s (TCPA) “emergency purpose” exception as applied to calls or texts related to patient health and safety. In St. Clair v. CVS Pharmacy, Inc., No. 16-CV-04911-VC, 2016 WL 7489047, at *1 (N.D. Cal. … Continue Reading

Congress’ suggestions for ransomware treatment under HIPAA

Backing up electronic health record data may become an important aspect of complying with and mitigating risk under the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) if the U.S. Health and Human Services Office of Civil Rights (OCR) heeds legislators’ recommendations.… Continue Reading

Orders can be submitted by text – the Joint Commission update

On April 29, 2016, the Joint Commission released an update (“Update”) providing for the use of text messaging to submit orders for patient care, treatment, or services to the hospital or other health care settings for all accreditation programs. Back in 2011, the Joint Commission believed that the technology necessary to secure contents of a … Continue Reading

Caution – Vendors are not the only ones charging you to use your EHR/EMR!

Based on recent news stories and our experience, it appears that cybercriminals may be targeting healthcare providers with ransomware attacks. Publicly reported incidents and others of which we are aware have involved providers ranging from clinics and imaging centers to hospitals, and these entities have had to pay hundreds to thousands of dollars to gain … Continue Reading

Adding some class to Information Governance (Part 1)

When governing information, it works well to identify and bundle rules (for legal compliance, risk, and value), identify and bundle information (by content and context), and then attach the rule bundles to the information bundles. Classification is a great means to that end, by both framing the questions and supplying the answers. With a classification … Continue Reading

CMS to rewrite the rules of EHR meaningful use

Recent remarks made by the Centers for Medicare & Medicaid Services (“CMS”) Acting Administrator Andy Slavitt at a healthcare conference indicated that CMS will be ending the “meaningful use” electronic health record (“EHR”) Incentive Program in 2016, five years ahead of its original final end date of 2021. Acting Administrator Slavitt did not elaborate on the … Continue Reading

HIPAA compliance: another year older, but hopefully not deeper in debt

My New Year’s resolutions will likely be broken early and often in 2016. My consequences are mostly non-monetary: a few more pounds, a little less savings, and not winning the triathlon in my age group. Your consequences, as a HIPAA-covered entity or business associate, for not complying with the Privacy and Security Rules could be … Continue Reading

OIG issues FY 2016 Work Plan with more than 40 new focal areas

The Office of the Inspector General (OIG) for the U.S. Department of Health & Human Services recently published its Fiscal Year 2016 Work Plan, which summarizes OIG’s priorities over the coming year. Notably, the 2016 Work Plan demonstrates the OIG’s expanded focus on delivery system reform and the effectiveness of alternate payment models, coordinated care … Continue Reading

$750K HIPAA settlement highlights importance of risk analysis, device control policy

Cancer Care Group, P.C. settled alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules on September 2 with the U.S. Department of Health & Human Services Office for Civil Rights (OCR) for $750,000. Cancer Care, a radiation oncology private physician practice located in Indiana, also agreed to adopt a corrective … Continue Reading

Data Security for Employer Health Plans Post-Anthem

The Anthem breach sent alarm waves through the health care industry and the employer health plan community. With 78.8 million affected individuals for Anthem and 11 million for the companion breach of Premera Blue Cross, the combined size ranks among the largest data breaches in history. The Anthem and Premera breaches signal a sea change … Continue Reading

The 10 Key Activities for Effective Data Breach Response – Are You Prepared?

It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. The healthcare industry is a prime target, especially given the premium value of health information on the black market. And healthcare entities face not only PHI breach exposures, but also security risks for other … Continue Reading

Another notch in the hacking holster: Cyber outlaws hit Anthem hard

Having no need to brandish bandanas to obscure identity or firearms to force entry, it was reported Wednesday that cyber bandits, in a sophisticated and well-orchestrated robbery, recently waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, … Continue Reading

Interoperability 2017 – Will the latest government plan be the golden spike that connects the EHR rails?

Seemingly picking up where we left off in our recent white paper and Advisory Board article, the Obama administration released a 166-page draft plan January 30th intended to drive providers and patients toward a common set of electronic clinical information and a commitment to more fully connected EHR systems by the end of 2017.… Continue Reading

Unique Considerations in Healthcare M&A Part 1 – Due Diligence

Due diligence is often perceived as a mundane part of the mergers & acquisitions (M&A) process, but its importance in healthcare transactions is critical. Due diligence is one of the first steps of any transaction and involves a buyer undertaking an in-depth examination of the target to evaluate the business and uncover potential issues or … Continue Reading

Data security lessons learned from FIN4 cyber attacks

By now you have probably heard about the ongoing FIN4 cyber attacks on publicly traded entities in the healthcare and pharmaceutical industries. If not, here’s a brief recap. On Sunday, Nov. 30, security consulting firm FireEye published a report on the current hacking efforts of a group dubbed FIN4. FIN4 has targeted more than 100 … Continue Reading

Husch Blackwell attorneys address Ebola challenges

A Dec. 1 Strafford webinar on the legal and regulatory challenges of Ebola will feature five Husch Blackwell attorneys. The 90-minute CLE webinar with interactive Q&A will provide guidance to healthcare counsel and their clients in addressing HIPAA and EMTALA concerns when treating Ebola patients. The panel will discuss state and federal mandatory reporting requirements, … Continue Reading

HHS releases reminder about HIPAA rules in wake of Ebola outbreak

The U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) released a bulletin on Nov. 10 reminding entities covered under the Health Insurance Portability and Accountability Act (HIPAA) that the protections continue to be in effect during emergencies, including Ebola and other outbreaks. HHS wants to make sure healthcare providers are … Continue Reading

Upcoming webinar to offer legal, regulatory considerations for healthcare professionals preparing for Ebola

Now that patients with Ebola have landed on U.S. soil, hospitals and other healthcare providers must prepare for the possibility that a patient with Ebola will walk through the doors. In this Oct. 30 webinar, Husch Blackwell presenters will look at some of the pressing legal issues related to treating patients with communicable diseases such … Continue Reading

New White Paper On Avoiding Liability with EHR Systems Now Available

In the Electronic Health Records (EHR) space, unconnected and competing systems carry the potential for organizational train wrecks. Until robust, efficient, and mandatory interoperability standards emerge, providers should consider linking systems through other means, as failure to do so may lead to malpractice and regulatory compliance issues. A new White Paper, Driving the Golden Spike: … Continue Reading

HIPAA deemed compliance period ends next month

The U.S. Department of Health & Human Services (“HHS”) issued final regulations in January 2013 modifying the privacy, security and enforcement provisions under the Health Information Portability and Accountability Act of 1996 (“HIPAA”). Covered entities and business associates were generally required to comply with the final regulations by Sept. 23, 2013. To reduce administrative burden … Continue Reading
LexBlog