This issue of McDermott’s Healthcare Regulatory Check-Up highlights regulatory activity for February 2024. We discuss various regulatory developments, including guidance on the use of AI in coverage decisions and texting...more
Research from Guidepoint Security found that 2023 saw an 80% increase in ransomware activity year-over-year, driven in part by multiple mass exploitation campaigns impacting hundreds of organizations. In total, the report...more
HIPAA applies to both covered entities (e.g., healthcare providers and health plans) and their business associates. A “business associate” is generally a person or entity that “creates, receives, maintains or transmits”...more
On September 15, 2021, in response to the “proliferation of apps and connected devices that capture sensitive health data” the Federal Trade Commission (FTC) issued a Policy Statement (the Statement) offering guidance on the...more
Certain California-licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July...more
On June 23, 2020, the Arizona Court of Appeals issued its opinion concerning In Re: MH2019-004895, vacating the trial court’s order for involuntary treatment because the trial court improperly allowed the patient’s clinical...more
Can an employer be held liable for an employee’s HIPAA violation even if the employee engaged in an unauthorized act that was motivated by the employee’s own personal interest? In the recent decision of SoderVick v. Parkview...more
Allergy Associates of Hartford, P.C., entered into a Resolution Agreement and agreed to pay $125,000 to the U.S. Department of Health and Human Services, Office for Civil Rights (HHS) in order to settle certain Health...more
Recent high-profile stories of family members secretly recording inside skill nursing facilities (SNFs) and then sharing those recordings with the media or trying to use them in court proceedings against providers have...more
In the latest twist in a case that began last year, an administrative law judge (ALJ) agreed that a $4.3 million penalty, levied by the Office of Civil Rights (OCR) against the MD Anderson Cancer Center as a result of HIPAA...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third...more
Last week, the Federal Trade Commission (FTC) announced (press release) that Practice Fusion, the largest cloud-based electronic health company in the United States, has agreed to settle FTC charges over deceptive practices...more
A lab tech working at a Las Vegas pediatric cardiology practice has been indicted on one count of illegal use and disclosure of patient health information and one count of aggravated identity theft. The lab tech had...more
In the past few years, medical devices have become a major target for online criminals. Not only are medical devices considered to be one of the easiest and most vulnerable points of entry into a health care enterprise, they...more
The confidential health information of 1,615 Medicaid patients may have been compromised by the North Carolina Department of Health and Human Services (NC DHHS) on August 19, 2015, though the fact that this potential breach...more
Safeguarding patient information is at the core of responsibilities for health care entities under the Health Insurance Portability and Accountability Act (HIPAA). But safeguarding patient information isn’t just a regulatory...more
With the onslaught of Affordable Care Act changes, health plan sponsors have much to think about lately. Given the number of other issues affecting them, plan sponsors may feel that HIPAA privacy and security is an issue they...more
In two recent reports, each with a specific focus, the OIG strongly recommended that the Office for Civil Rights (OCR) step up its HIPAA oversight and enforcement activities. One report assessed the OCR’s oversight of covered...more
The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) issued two reports yesterday calling for the HHS Office of Civil Rights (OCR) to strengthen its Health Insurance Portability and...more
Earlier this month, a California jury found the University of California, Los Angeles Health System (UCLA) not liable for damages that allegedly resulted when a medical office assistant, Alexis Price, improperly accessed and...more
Last week, UCLA notified 1242 patients that their health information may have been compromised in July when a faculty member’s laptop was stolen. UCLA has notified the patients, the Office for Civil Rights and the California...more
Last week, Cancer Care Group, P.C. (CCG), an Indiana radiation oncology practice, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and adopting...more
The 56 Dean Street Clinic, which is operated by the Chelsea and Westminster NHS Trust and specializes in HIV and other sexual health services, has apologized for the error which revealed (to all 780 recipients) the full names...more
Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a...more