The Office of Civil Rights (“OCR”) is the federal agency that oversees compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”). In that regard, among other...more
5/10/2019
/ Cyber Attacks ,
Data Breach ,
Electronic Medical Records ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Risk Mitigation
On Match Day in March each year, medical students completing their formal education find out where they are going to continue their training in residency. Similarly, those students completing a residency program are...more
The U.S. Department of Health and Human Services Office of Civil Rights (“OCR”) was hard at work at the end of 2018—emphasizing the active efforts we have seen for the past few years from OCR. Below is a brief summary of some...more
3/7/2019
/ Comment Period ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Information Sharing ,
Mental Illness ,
OCR ,
Opioid ,
Personal Data ,
PHI ,
Privacy Policy ,
Value-Based Care
As January gets underway, it is common for us to reflect back on the prior year and set goals for the upcoming year. Whether it is losing weight or maintaining better relationships with loved ones, New Year’s resolutions are...more
As 2018 winds down and 2019 kicks off, it is wise to review various aspects of your practice to ensure everything is up to date and continues to operate in compliance with applicable laws. One area of focus for such review is...more
In this day in age where a vast amount of information is stored electronically and you can buy almost anything with a “1-click” purchase, it comes as no surprise that cyber incidents are on the rise, especially among...more
In the age of electronic medical records and ransomware attacks, recent focus with regard to HIPAA compliance seems to be on electronic security. How are your electronic medical records stored? Do you require two-factor...more
7/11/2018
/ Cyber Attacks ,
Data Breach ,
Electronic Devices ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
I am occasionally asked by providers whether or not they can waive a co-pay for a particular patient. There are many reasons providers wish to waive co-pays: financial hardship, professional courtesy, employee discounts, etc....more
In light of the recent incident in Las Vegas, the Office of Civil Rights (“OCR”), the government entity responsible for HIPAA Compliance, issued clarification guidance on the ability of a health care provider to share...more
Every where you look these days, there seems to be another report of a cyber attack--attacks which do not discriminate based on industry type, size of business, or impact. In other words, everyone is vulnerable. In fact, the...more
7/18/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware ,
Risk Management ,
US-CERT
The following is the third installment of a three-part series discussing important provisions in physician employment agreements.
When a physician leaves a medical practice, especially if the physician stays in the area to...more
With the increased audit activity we are seeing among the alphabet soup of Medicare contractors— RACs, ZPICs, SMRCs, CERTs, etc.—now appears to be a good time for a refresher on the Medicare claims appeals process. Due to...more
The following is the second installment of a three-part series discussing important provisions in physician employment agreements.
When a physician leaves a medical practice, especially if the physician stays in the area...more
The following is the first installment of a three-part series discussing important provisions in physician employment agreements.
When a physician leaves a medical practice, especially if the physician stays in the area...more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
2/13/2017
/ Breach Notification Rule ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Malware ,
OCR ,
PHI ,
Ransomware ,
Reporting Requirements ,
Strict Compliance
The Joint Commission recently announced a change in its policies whereby it will now allow providers to communicate patient orders via text message. The policy applies to all Joint Commission accreditation programs. While the...more
In an effort to review and examine compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA"), the Department of Health and Human Services Office for Civil...more
The 2016 Medicare Physician Fee Schedule Final Rule ("Final Rule") contains recent changes to the Federal Stark Law, the majority of which took effect on January 1, 2016. The issuance of the Final Rule on November 16, 2015...more
A patient arrives at your facility with Ebola-like symptoms. After taking the necessary precautions, you run the requisite tests, conduct a patient interview, and determine that in fact the patient has contracted the Ebola...more
This is Part II of a two-part series on the new Medicaid structure in Alabama. Part I of the series, which was published last month, discussed organizational and operational requirements of RCOs. This Part II will discuss the...more
On May 17, 2013, Governor Bentley signed into law Act 2013-261, Ala. Code §§ 22-6-150 et seq., which changes the Alabama Medicaid system from a fee-for-service to a managed care program (the "Act"). This historic legislation...more
Oftentimes, I am asked by physicians how to end the physician-patient relationship. For various reasons, the physician desires to end the relationship and have the parties go their separate ways. Such may stem from a...more
On January 17, 2013, the Department of Health and Human Services ("HHS") released its longawaited final HIPAA rule, which significantly expands certain obligations for covered entities and their business associates (the...more
An ongoing debate in the healthcare field involves the scope of practice for allied health professionals, for example, nurse practitioners and nurse midwives. Allied health professionals oftentimes desire the ability to...more
On January 17, 2013, the Department of Health and Human Services (“HHS”) released its long awaited final HIPAA rule, which significantly expands certain obligations for healthcare providers and their business associates (the...more
2/5/2013
/ Business Associates ,
Compliance ,
Data Breach ,
Decedent Protection ,
Enforcement ,
Fundraisers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Immunization Records ,
Marketing ,
Notice Requirements ,
Patient Rights ,
PHI ,
Privacy Policy ,
Privacy Rule ,
Subcontractors ,
Third-Party