How to Protect Your Practice’s Trade Secrets

Posted on November 8, 2016 by jlcohen

dreamstimemaximum_51887081-flip By: Shobha Lizaso

“Prevention is better than cure” is a maxim that has reigned in the healthcare industry for thousands of years; however, this phrase echoes through the halls of the legal profession as well.

Healthcare practices often neglect to appreciate the value of their confidential information as assets and the need to protect these assets. Although HIPAA and HITECH compliance aids in maintaining the confidentiality of patient records, it does not protect a provider’s trade secrets.

Trade secrets of a healthcare practice may include any of the following: patient lists, financial information, contract rates, contract terms client lists, collection rates, marketing tactics, pricing/discount information, and methods of doing business. If leaked, this information may be used by competitors to secure advantages over a healthcare practice. For example, patient lists could be used to solicit a practice’s patients or contract rates and terms can be used by a competitor to undercut the rates of a practice. Continue reading →

Physician Communications: Considerations for Using Text Messages and Social Media

Posted on March 6, 2015 by jlcohen

By: Jackie Bain

It is becoming easier and easier for physicians to communicate with each other and their patients. And although open communication is generally thought of as positive, the medical profession should proceed with caution. Patients and consulting physicians rely heavily on their communications with their treating physicians. Thus, communications which do not require the thought of focus that a physician would otherwise give to a situation may result in disaster. While there are many potential ways a physician might use text messaging and social media both professionally and personally, we will focus generally on physician interactions with other physicians, and physician interactions with patients.

To start, physicians should be aware that, in 2011, the American Medical Association issued guidelines in its Code of Ethics for physicians who use social media: Continue reading →

Fall 2014 HIPAA Audits: Is Your Business Ready?

Posted on October 9, 2014 by jlcohen

By: Jackie Bain

Section 13411 of the HITECH Act authorizes and requires the Department of Health & Human Services Office for Civil Rights (“OCR”) to provide for periodic audits to ensure that covered entities and business associates comply with the HIPAA Privacy and Security Rules. OCR conducted its first round of those audits in 2011 and 2012, and has announced that it will begin a second phase. Unlike the first phase of audits, which were limited to covered entities, both covered entities and business associates are intended to be audited during this second phase.

How will audited businesses be selected?

This fall, OCR will deliver pre-audit surveys to between 550 and 800 covered entities. OCR is attempting to obtain a fair snapshot of all covered entities, so these pre-audit surveys will be sent to health care providers, health plans, and health clearinghouses. Moreover, the audits will span the gamut of business sizes, from large corporations to solo practitioners. After pre-audit surveys are returned, OCR will randomly select 350 of those covered entities for a full audit. As a part of these full audits, covered entities will be asked to identify their business associates. OCR will then select 50 business associates to participate. Continue reading →

$800,000 HIPAA Settlement for Leaving Patient Records on Physician’s Front Porch

Posted on June 23, 2014 by jlcohen

The Department of Health and Human Services announced this morning that it has entered into a settlement agreement with Parkview Health System, Inc., an Indiana medical group caught up in HIPAA violation case. Parkview was assisting a retiring physician to transition her patients to new providers. Parkview was also considering purchasing some of the physician’s patient records. When Parkview attempted to return between 5,000 and 8,000 patient records to the physician, she was not home to accept their return. Parkview employees left cardboard boxes containing between 5,000 and 8,000 patient medical records outside of the physician’s home, and within twenty feet of a public road. In settlement and release of HHS’ claims against Parkview for such a HIPAA violation, Parkview agreed to pay the Department of Health and Human Services $800,000 and enter into a Corrective Action Plan. The entire Resolution Agreement between Parkview and HHS is available here.

Florida Clinical Labs Must Now Give Patients Direct Access to Their Laboratory Test Results

Posted on February 11, 2014 by jlcohen

By: David Hirshfeld

In an effort to help individuals access their health information so that they can become more actively involved in managing their own health care, several agencies within the Department of Health and Human Services promulgated a rule that modifies the Clinical Laboratory Improvement Amendments (“CLIA”) and the Health Insurance Portability and Accountability Act (“HIPAA”) in a way that supersedes Florida State laws governing the disclosure of laboratory test results directly to patients.

Continue reading →

HIPAA Stings Dermatology Practice

Posted on January 8, 2014 by jlcohen

The US Department of Health and Human Services, Office of Civil Rights is the chief enforcer of HIPAA. The Office’s recent enforcement of HIPAA with respect to a Massachusetts derm practice is illustrative of how the government views HIPAA and how vulnerable medical practices are. Continue reading →

Board of Medicine: New Rule Regarding Adequacy of Medical Records for Compounded Medication

Posted on September 9, 2013 by jlcohen

The Florida Board of Medicine reviewed Rule 64B8-9.003, Florida Administrative Code which provides standards for the adequacy of medical records. The underlined portions below are the new standards required for medical records as it relates to compounded medications. These standards are effective September 9, 2013. Continue reading →

HIPAA Omnibus Final Rules and Penalties

Posted on March 18, 2013 by jlcohen

On Friday January 25, 2013, the Department of Health and Human Services published the Final Rule modifying the HIPAA privacy, security, enforcement, and breach notification rules under the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the Genetic Information Non-Discrimination Act (“GINA”) as well as other modifications to the HIPAA rules. (See 45 CFR Parts 160 and 164, Federal Register Volume 78 Number 17.)

The omnibus rule actually contains four final rules. The first final modifications to HIPAA which were mandated by “HITECH” include modifications intended to improve the Rules which were issued as a proposed rule on July 14, 2010 include six modifications.

The first omnibus final rule includes direct liability modifications for business associates of covered entities for compliance with certain HIPAA privacy and security rule requirements. Strengthening of limitations on the use and disclosure of protected health information, expanded individuals’ rights to receive electronic copies of their health information, modification and redistribution of entities privacy practices protocols, modification of individual authorization forms and other requirements to facilitate research and disclosure of child immunization proof to schools as well as to enable access to decedent information and lastly the enforcement rules have been modified to address violations such as non-compliance with HIPAA rules due to willful neglect.

The second omnibus final rule adopts changes to the HIPAA enforcement rule that increase the civil monetary penalties in a tiered manner.

The third omnibus final rule involves the breach notification for unsecured protected health information under the “HITECH” act. This rule replaces the prior rules “harm” threshold with a more objective standard.

Finally, the fourth rule prohibits most health plans from using or disclosing genetic information for underwriting purposes.

These final rules take effect this month on March 26, 2013. Covered business entities and business associates must comply with the applicable requirements by September 23, 2013. The penalties for violating the final rules are now as follows:

TABLE 2 – CATEGORIES OF VIOLATIONS AND RESPECTIVE PENTALTY AMOUNTS AVAILABLE

Violation Category – Section 1176 (a)(1)

Each Violation

All such violations of an identical provision in a calendar year

(A) Did Not Know(B) Reasonable Cause

$100-$50,0001,000-50,000

10,000-50,000

50,000

$1,500,0001,500,000

1,500,000

Providers need to be aware of the penalties for violating the rules as we most recently reported to you the office of civil rights will not hesitate in sanctioning providers for violating the Act in amounts in excess of $1.5 million.

Final Privacy Rule Affects Clinical Research Organizations

Posted on February 5, 2013 by jlcohen

The final HITECH Act rule was published on January 25^th, and it includes revisions to HIPAA. The two things affected by the new rule are (1) compound authorizations, and (2) authorizations for future research.

Compound authorizations are basically authorizations for two separate uses of protected health information (PHI). The new rule allows combining an authorization for a research study with any other written permission for the same study, such as authorization to participate in the research. The core elements of a valid authorization remain in place. The intent is just to provide some flexibility in clinical research settings.

Traditionally, authorizations had to be study specific. The new rule allows authorizations not to be study specific, but they have to describe future uses or disclosures in a way that patients will understand that their PHI could be used in future research.

Closely Monitoring the 26.5% Medicare Physician Payment Threat

Posted on December 20, 2012 by jlcohen

Via HCMA, SGR Advocacy Alert from the AMA – – – – The negotiations between Speaker Boehner and President Obama on the Lame Duck tax and deficit reduction package are at an impasse. There is a very real threat of the 26.5 percent Medicare physician payment cut taking effect on January 1, 2013, at least temporarily.

If Congress does adjourn without addressing the payment cut being induced by the sustainable growth rate (SGR) formula, the Administration announced today that the Centers for Medicare and Medicaid Services will follow normal claims processing procedures.

That is, claims will not be held and Medicare carriers will process payments for physician services provided after December 31 under the normal 14-day cycle required by law. Payment for these claims would be based on the new, lower fee schedule conversion factor of $25.0008, as opposed to the current rate of $34.0376.

At this time, it is impossible to predict whether the 112th Congress will find a way to pass a stop-gap measure before adjourning, how long such a measure would last, or how long payment cuts will be in effect before legislation can be passed after the 113th Congress convenes in January. It is highly unusual for a new Congress to enact significant legislation in the first month of its session, but the circumstances facing our nation today are far from typical.

It is inexcusable that Congress is once again putting the 47 million Medicare patients and the practices of physicians who provide them needed health care at significant risk. The Medicare program has become unreliable and its instability undermines efforts by physicians to implement new health care delivery models that stand to improve value for seniors and other beneficiaries through better care coordination, chronic disease management, and keeping patients healthy.

The AMA believes that the financial disruption this situation will cause for physicians and their practices is unacceptable, and we will continue to fervently convey this message in the strongest possible terms to Congress and the Administration, as we have for the past several weeks. Our patient and physician grassroots networks have been activated, and we are seeking your voices to tell Congress just how deeply its inaction will affect you.

Despite these efforts, at this time we feel compelled to advise physicians to start making plans for steps they can take to mitigate this disruption and meet their own financial obligations in January, in case the 26.5 percent cut actually takes effect. Given the potential impact on practice revenue in early January, physicians should be certain adequate arrangements are in place to sustain their practices. For those physicians who are forced into the untenable position of limiting their involvement with the Medicare program because it threatens the viability of their practices, we urge that patients be notified promptly so that they, too, can explore other options to seek health care and medical treatment.

Florida Healthcare Law Firm Blog

Category Archives: HIPAA