Last week, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) issued Advisory Opinion No. 22-09 (AO 22-09), which addresses a proposed arrangement pursuant to which the operator of a...more
The U.S. Department of Justice (DOJ) has continued to investigate and prosecute alleged COVID-19 related fraud over the past two years since the pandemic began. On Thursday, DOJ announced the appointment of a Director for...more
The U.S. Department of Justice (DOJ) recently announced its latest national enforcement action related to health care fraud (National Enforcement Action) in which DOJ filed criminal charges against 142 defendants. The...more
The U.S. Department of Justice and U.S. Health and Human Services Office of Inspector General recently announced the indictment of a pharmacy marketer who allegedly received and paid kickbacks in violation of the federal...more
The U.S. Department of Health and Human Services (HHS) recently released a final rule further amending 42 CFR Part 2 regulations (Part 2) to allow greater sharing of patient records related to substance use disorder (SUD)...more
7/20/2020
/ Confidentiality Policies ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Drug & Alcohol Abuse ,
Final Rules ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opioid ,
Patient Privacy Rights ,
Prescription Drugs ,
Substance Abuse
Last Thursday, the Massachusetts Board of Registration in Medicine (BORIM) approved its first permanent telehealth policy. The Board’s policy provides that: (1) a “face-to-face encounter" is not a pre-requisite for a...more
Last week, the Centers for Medicare and Medicaid Services (CMS) announced additional waivers of limitations on Medicare reimbursement of telehealth services and updated its summary of COVID-19 blanket waivers. We’ve...more
As we’ve previously discussed on the blog, telehealth is playing a critical role in delivering care during the COVID-19 pandemic. Both Congress and states continue to take action to expand the use and reimbursement of...more
The Department of Health and Human Services (HHS) has taken many actions to loosen or waive requirements on the provision of health care during the current coronavirus pandemic, as we discussed yesterday and Tuesday. In...more
Telehealth is going to play a critical role in the delivery of care in the coming weeks and months as health care providers respond to the COVID-19 pandemic. As the CDC and other public health agencies continue to recommend...more
Last week, the Third Circuit joined several other appellate courts in finding that medical opinions related to medical necessity of hospice services can be subject to scrutiny and found to be “false” for purposes of proving a...more
It feels like we’ve been seeing a lot more health care breaches caused by hackers and other IT security incidents, and there’s a good reason why: a recent report by cloud security company Bitglass confirms that both the...more
As the decade winds down, it’s hard to believe that the HIPAA Privacy and Security Rules are almost twenty years old. It has been ten years since the U.S. Department of Health and Human Services (HHS) Office for Civil Rights...more
12/24/2019
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
Civil Monetary Penalty ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
FBI ,
General Data Protection Regulation (GDPR) ,
Government Investigations ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
Patient Privacy Rights ,
PHI ,
Phishing Scams ,
Ransomware
The Centers for Medicare & Medicare Services (CMS) recently published a final rule with comment period (the “Final Rule”) that is designed to increase CMS’s ability to identify and prevent bad actors from participating in...more
9/13/2019
/ Affiliates ,
Bad Actors ,
Centers for Medicare & Medicaid Services (CMS) ,
Children's Health Insurance Program (CHIP) ,
Comment Period ,
Disclosure Requirements ,
Enrollment ,
Final Rules ,
Health Care Providers ,
Health Insurance ,
Medicaid ,
Medicare
Earlier this month, the Office of Inspector General for the U.S. Department of Health and Human Services (OIG) released two reports regarding its concerns and recommendations related to quality of care at hospice facilities....more
The HHS Office for Civil Rights (OCR) released a new guidance document regarding which HIPAA violations business associates (BAs) can and cannot be held directly liable for. In the guidance, OCR states that BAs can be held...more
The Maryland General Assembly recently passed a bill that permits any person to directly or indirectly advertise diagnostic laboratory tests in the state, with certain limitations. The bill currently awaits the Governor’s...more
Regular readers of the blog won’t be surprised to hear that there has been another data breach, this time involving a business associate in charge of storing medical records on behalf of health care providers and insurers....more
Last week the Department of Justice (DOJ) announced a $57 million settlement with electronic health record (EHR) software vendor Greenway Health LLC (Greenway). According to DOJ, Greenway violated the False Claims Act (FCA)...more
2/14/2019
/ Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
EHR ,
Electronic Health Record Incentives ,
False Claims Act (FCA) ,
Health Care Providers ,
Meaningful Use ,
Medicaid ,
Medicare ,
OIG ,
Settlement Agreements ,
Software ,
Third-Party Service Provider
Today, we’re looking back at HIPAA and other privacy and security developments in 2018. This past year saw continued HIPAA enforcement (including the largest ever fine for a HIPAA breach), reminders from the OCR on best...more
1/7/2019
/ Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
General Data Protection Regulation (GDPR) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular ,
State Data Breach Notification Statutes
Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more
12/13/2018
/ Breach Notification Rule ,
Business Associates ,
Corrective Actions ,
Cybersecurity ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Policies and Procedures ,
Settlement Agreements
As we discussed last week, the Department of Health and Human Services (HHS) recently published its semi-annual regulatory agenda. In addition to the proposed rules on fraud and abuse, drug pricing, digital health, and...more
The July 2018 cyber security newsletter issued by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) reminds health care providers and their business associates of the importance of properly...more
8/13/2018
/ Cybersecurity ,
Data Protection ,
Electronic Devices ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personally Identifiable Information ,
Popular ,
Record Retention
Privacy and security compliance obligations for health care companies remain hot topics this spring. Health care companies must now contend with data breach laws in all 50 states as well as keeping on top of federal HIPAA...more
6/21/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
Revocation ,
State and Local Government ,
State Data Breach Notification Statutes
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical...more