Health IT |

Former White House Cybersecurity Coordinator Schmidt, Stamer & Others Share Key HIPAA & Other Privacy & Data Security Insights 5/21 In LA

May 3, 2013

SLP Readers Get Discount: Go to
blocked::http://securitysummitla.eventbrite.com/” href=”http://securitysummitla.eventbrite.com/” data-mce-href=”http://securitysummitla.eventbrite.com/”://securitysummitla.eventbrite.com/ and enter Promotional Code: Health_Summit_125

Former White House Cybersecurity Coordinator Howard Schmidt and Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer are two of an impressive lineup of leaders scheduled to share key HIPAA & other privacy and data security compliance and risk management strategies at the Healthcare HITECH Privacy and Security Summit at the Fifth Annual Information Security Summit on May 21 in Los Angeles. The program offers essential insights for hospitals, physicians, and other health care providers, health plans and insurers, employers and other health plan sponsors, fiduciaries and administrators, their business associates and other business partners and others on what their organizations should do to cope with the rapidly changing and expanding privacy and data security obligations of HIPAA and other federal and state laws.

With the rapidly approaching and privacy and data breach penalties and enforcement rising, health care providers, health plans, health care clearinghouses and their business associates must get moving to update business associate contracts, policies and notices and processes to meet changing HIPAA rules while managing ongoing compliance and risks.

Former Cybersecurity Coordinator Schmidt Keynotes

The Healthcare HITECH Privacy and Security Summit will bring together leaders in Privacy and Security within government and private industry for a day of collaboration, networking and presentations by leading Privacy and Security professionals sharing who HIPAA covered entities and business associates need to know to comply with new HITECH rules and OCR investigations.

Stamer Speaks On Latest HIPAA Rules & Developments

Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer will help lay the foundation for the workshop by briefing participants on changes made to HIPAA rules by the new Omnibus HIPAA Rulemaking changes that the Office of Civil Rights (OCR) plans to start enforcing in September, 2013.

Armed with the latest insights from serving as the scribe for the ABA JCEB annual agency meeting with the Office of Civil Rights (OCR), Ms. Stamer, a practicing attorney and widely published author and speaker, will discuss required changes and other recommended steps and strategies that covered entities and their business associates should take to maintain HIPAA compliance and manage HIPAA and other related risks in light of the Omnibus HIPAA Rulemaking changes, new OCR guidance for health care providers about disclosures to avert threats to health or safety, recent audit and enforcement activities and other changing risks and responsibilities including:

The latest on OCR’s regulatory guidance, audit and investigation and enforcement rules, actions and strategies and their implications on covered entities and business associates;
Changes to breach notification rules and their implications on covered entities and their business associates;
Practical implications of new rules on who is covered and their responsibilities;
Required and recommended updates to policies, business associate and other agreements, privacy notices and other HIPAA compliance arrangements;
Effective training and other risk management strategies;
Planning for, investigating and mitigating PHI privacy breaches and other compliance concerns under new rules other selected events; and
Other selected strategies for coordinating HIPAA and other privacy and data breach responsibilities and risk management; and
Participant questions.

For a complete agenda, to register, to get details on sponsorship or for other information, see here.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls. Extensively published and a popular speaker on HIPAA and other data security matters, Ms. Stamer works extensively with health care providers, health plans, employers, insurance and financial services, technology and other clients on privacy, data seurity and other privacy and cybercrime concerns. She also serves as the Scribe for the ABA JCEB Agency Techical Sessions Meetings with the Office of Civil Rights which occur each May in Washington, D.C.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. ©2013 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Border Health, Childrens Health Insurance Program, Consumer Driven Health Care, Corporate Compliance, DME, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Breach Notification, Data Breach, Data Security PHI, HIPAA, personal financial information, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

CMS Proposes To Further Tighten Medicare Provider Enrollment Rules

May 1, 2013

The proposed rule would also strengthen certain provider enrollment provisions including allowing HHS to deny enrollment of providers affiliated with an entity that has unpaid Medicare debt, deny or revoke billing privileges for individuals with felony convictions, and revoke privileges for providers and suppliers who are abusing their billing privileges.

Since provider enrollment is the gateway to Medicare, CMS routinely evaluates its provider enrollment policies, and has implemented new safeguards as a result of the Affordable Care Act. In the February 2011 final screening rule (72 FR 5862). CMS identified additional changes in enrollment policy that would increase the integrity of the Medicare program. Now, CMS is proposing include the following provisions:

Add the ability to deny the enrollment of providers, suppliers and owners affiliated with an entity that has unpaid Medicare debt. This proposal would prevent individuals and entities from being able to incur substantial debt to Medicare, leave the Medicare program and then re-enroll as a new business to avoid repayment of the outstanding Medicare debt. We are proposing that CMS would only enroll individuals or entities if they repay the debt or enter into a repayment plan, if they are otherwise eligible for the program.
Deny enrollment or revoke the billing privileges of a provider or supplier if a managing employee has been convicted of certain felony offenses. This provision ensures that CMS can block or remove bad actors from the Medicare program to protect beneficiaries and safeguard the Medicare Trust Fund.
Permit CMS to revoke billing privileges of providers and suppliers that have a pattern or practice of billing for services that do not meet Medicare requirements. This proposal is intended to address providers and suppliers that regularly submit inaccurate claims in such a way that it poses a risk to the Medicare program.
Make the effective date of billing privileges consistent across certain provider and supplier types. Most practitioners and practitioner groups may only submit bills as of the filing date of their enrollment application. CMS is proposing to eliminate ambulance suppliers’ current ability to bill for up to a year prior to enrollment in the Medicare program. CMS is also proposing to require that ambulance providers and other provider and supplier types submit any claims within 60 days of revocation of billing privileges, consistent with the requirements for practitioners and practitioner groups.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Acute Care, CMS, Hospital, Medicare, PPS, Prospective Payment, Skilled Nursing, SNF | Permalink
Posted by Cynthia Marcotte Stamer

HHS Proposes Increasing Health Care Fraud Reporting Rewards To Up To $9.9 Million

May 1, 2013

The Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) plans to increase rewards paid to Medicare beneficiaries and others whose tips about suspected fraud lead to the successful recovery of funds to as high as $9.9 million. Secretary Kathleen Sebelius announced proposed regulations that would increase the penalties on April 24. In addition, a new funding opportunity released this month supports the expansion of Senior Medicare Patrol (SMP) activities to educate Medicare beneficiaries on how to prevent, detect and report Medicare fraud, waste and abuse.

The Obama Administration has made health care fraud prosecutions and settlement a key element of its health care cost containment plan. Over the last three years, the administration claims its enforcement efforts have recovered over $14.9 billion in fraud, some of which resulted from fraud reporting by individuals.

Summary Of The SMP Incentive Reward Program Proposals

The SMP is a national, volunteer-based program that empowers Medicare beneficiaries to prevent and report Medicare fraud, waste, and abuse. Since 1997, HHS reports more than 7,000 referrals have been made to CMS and the Office of the Inspector General (OIG) for investigation since 1998.

Under the proposed changes, CMS is proposing to increase the potential reward amount for information that leads to a recovery of Medicare funds from 10 percent to 15 percent of the final amount collected. HHS currently offers a reward of 10 percent up to $1,000 under the current incentive reward program. In changes are modeled on an IRS program that has returned $2 billion in fraud since 2003, HHS proposes to increase the portion of the recovery on which CMS will pay a reward up to the first $66 million recovered – this means an individual could receive a reward of $9.9 million if CMS recovers $66 million or more.

HHS began paying rewards to individuals who reported tips that led to the recovery of funds in 1998. According to HHS, to date, HHS has recovered approximately $3.5 million as a result of this program and paid just $16,000 for 18 rewards. The proposed changes are similar to the IRS whistleblower program that has resulted in recoveries of over $2 billion since 2003.

To expand the SMP program’s capacity to reach more Medicare beneficiaries, the Administration for Community Living issued a new funding opportunity. Each of the current 54 SMP projects is eligible for varying funding levels, up to a total of $7.3 million across the program.

HHS says thhese proposed changes will support the administration’s comprehensive approach to program integrity, including the work being done with the Health Care Fraud Prevention and Enforcement Action Team, a joint effort between HHS and the Department of Justice to fight health care fraud. The Obama Administration credits this joint effort with recovering a record $4.2 billion in taxpayer dollars in fiscal year 2012.

The proposed increase in the reward for blowing the whistle on health care fraud is intended to fuel further reports by beneficiaries, workers and others of suspected health care fraud. Health care providers should share any concerns about the proposed increase in the rewards as well as review and tighten their health care fraud prevention and risk management to defend against rising exposures.

For more details, read a fact sheet on the proposed rule available here for more details.

For More Information Or Assistance

About Solutions Law Press

CMS Proposes Changes To Accute Care Hospital & Skilled Nursing Facility Propective Payment Rules

May 1, 2013

Acute care hospitals and skilled nursing facilities participating in Medicare should review proposed changes to key Medicare reimbursement rules and act quickly to share feedback on any provisions of significant concern.

The Centers For Medicare & Medicaid Services (CMS) is proposing changes to its Prospective Payment Systems and other reimbursement key reimbursement rules for Hospitals and Skilled Nursing Facilities for Fiscal Year (FY) 2014. Advance copies of the proposed rules were made available May 1.

CMS’ proposed rules on Prospective Payment System and Consolidated Billing for Skilled Nursing Facilities for FY 2014 are scheduled for official publication on May 1, 2013.

CMS’ proposed rules on Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and Long Term Care Hospital Prospective Payment System, etc. are scheduled for official publication on May 10, 2013.

Acute care hospitals and skilled nursing facilities should evaluate the implications of the proposed changes and provide relevant feedback as necessary to CMS.

For More Information Or Assistance

About Solutions Law Press

OCR Shares New Tools to Educate Consumers and Providers about HIPAA Privacy and Security

April 30, 2013

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has developed an array of new tools to educate consumers and health care providers about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Many consumers are unfamiliar with their rights under the HIPAA Privacy Rule. With that in mind, OCR has posted a series of factsheets, also available in eight languages, to inform consumers about their rights under the HIPAA Privacy Rule. These materials are available on OCR’s website here.

The fact sheets compliment a set of seven consumer-facing videos released earlier this year on OCR’s YouTube channel. An additional video, The HIPAA Security Rule, has been designed for providers in small practices and offers an overview of how to establish basic safeguards to protect patient information and comply with the Security Rule’s requirements. The videos are available on the HHS OCR YouTube Channel at here.

OCR has also launched three modules for health care providers on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape.org:

Patient Privacy: A Guide for Providers at here;
HIPAA and You: Building a Culture of Compliance here; and
Examining Compliance with the HIPAA Privacy Rule here.

The Medscape modules offer free Continuing Medical Education (CME) credits for physicians and Continuing Education (CE) credits for health care professionals.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

HHS Publishes Medicaid Expansion Final Regs, Invites Public Comment

April 1, 2013

The Department of Health & Human Services (HHS) has published its final rule with a request for comments that provides, effective January 1, 2014, the federal government will pay 100 percent of the cost of certain newly eligible adult Medicaid beneficiaries. These payments will be in effect through 2016, phasing down to a permanent 90 percent matching rate by 2020. The Affordable Care Act authorizes states to expand Medicaid to adult Americans under age 65 with income of up to 133 percent of the federal poverty level (approximately $15,000 for a single adult in 2012) and provides unprecedented federal funding for these states.

Under the Affordable Care Act, states that cover the new adult group in Medicaid will have 100 percent of the costs of newly eligible Americans paid for by the federal government in 2014, 2015, and 2016. The federal government’s contribution is then phased-down gradually to 90 percent by 2020, and remains there permanently. For states that had coverage expansions in effect prior to enactment of the Affordable Care Act, the rule also provides information about the availability of an increased FMAP for certain adults who are not newly eligible.

For the full text of the final rule, see http://www.ofr.gov/inspection.aspx.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Hospitals with 2012 CMS Adverse Complaint Inspection Reports in AHCJ Data Bank Should Prepare Response

March 27, 2013

Acute-care and critical access hospitals that had adverse complaint inspections in 2012 by the Centers for Medicare & Medicaid Services (CMS) may want to prepare to respond to press and public inquiries. The Association of Health Care Journalists (AHCJ) updated its website, healthcareinspectionreports.com, to include details about deficiencies cited during complaint inspections at acute-care and critical access hospitals throughout the United States since January 1, 2011 obtained from CMS.

Although AHCJ cautions in its website that the posted data should not be used to rank hospitals because of omissions and limitations in the data, hospitals with posted reports in the data bank should expect that the reports on their hospital may draw the attention of the media, patients, health plans and others.

AHCJ publishes the reports, which historically have not been easily accessible to the general public. AHCJ cautions that the data is not necessarily complete and should not be used to rank hospitals within a state. AHCJ says data on acute-care and critical hospital access hospitals is incomplete because CMS has just begun gathering this data and releasing it in electronic format. AHCJ also says some reports are missing narrative details. Beyond that, CMS acknowledges that other reports that should appear may not. It does not include results of routine inspections or those of psychiatric hospitals or long-term care hospitals. It also does not include hospital responses to deficiencies cited during inspections. Those can be obtained by filing a request with a hospital or the U.S. Centers for Medicare and Medicaid Services (CMS).AHCJ to make future iterations of this data more complete. At this time, this data should not be used to rank hospitals within a state or between states. It can be used to review issues identified at hospitals during recent inspections.

Subject to these limitations, an individual wishing to review the available data can click on a state on the map will retrieve a list of all hospitals with their violations grouped together.

In anticipation of potential media or public review and reaction to the AHCJ website posting, hospitals with adverse reports posted on the website should consider acting proactively. Hospitals should consult with counsel and their public relations team to plan and prepare a factually accurate response to the shared reports and other suitable mitigation activities.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: health care quality, Health Plans, Hospitals, Public Relations | Permalink
Posted by Cynthia Marcotte Stamer

OCR Invites Comments On Plans to Survey HIPAA Covered Entities Audited Under 2012 HIPAA Audit Program

March 25, 2013

The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) wants to ask the 115 health plans, health care clearinghouses, and health care providers (covered entities) that OCR audited in 2012 for compliance with Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA) under its HIPAA Audit Program to share feedback about their experience. The planned survey announcement follows OCR’s recent released of restated HIPAA Privacy & Security Rules scheduled to take effect in September, 2013 and as OCR continues and expanding its HIPAA Audit Program in 2013. All together, the signs are clear that covered entities should update and strengthen their HIPAA compliance and risk management practices to withstand the tightened rules and enforcement.

OCR initiated the HIPAA Audit Program in 2012 to comply with Section 13411 of the Health Information Technology for Economic and Clinical Health Act’s requirement that it audit covered entity and business associate compliance with the HIPAA privacy, security, and breach notification rules. While it continues its HIPAA Audit Program in 2013, OCR also is evaluating the effectiveness of the HIPAA Audit Program audits in 2012.

To this end, OCR currently is conducting a review of the HIPAA Audit program to determine its efficacy in assessing the HIPAA compliance efforts of covered entities. As part of that review, OCR plans to ask covered entities audited under the HIPAA Audit Program in 2012 to complete an online survey about their experience. In anticipation of its conduct of the proposed surveys, OCR is inviting public comment on the burden to Covered Entities to complete the planned online survey, which OCR estimates will take two hours to complete through May 20, 2013. According to OCR, the survey will gather information on the effect of the audits on the audited entities and the entities’ opinions about the audit process. The online survey will be used to:

Measure the effect of the HIPAA Audit program on covered entities;
Gauge their attitudes towards the audit overall and in regards to major audit program features, such as the document request, communications received, the on-site visit, the audit report findings and recommendations;
Obtain estimates of costs incurred by covered entities, in time and money, spent responding to audit-related requests;
Seek feedback on the effect of the HIPAA Audit program on the day-to-day business operations; and
Assess whether improvements in HIPAA compliance were achieved as a result of the Audit program.

OCR says it will use the information, opinions, and comments collected using the online survey to produce recommendations for improving the HIPAA Audit program.

For instructions to comment or more details, see here.

For More Information Or Assistance

About Solutions Law Press

Leave a Comment » | Academic medicine, Affordable Care Act, Anti-KickBack, ASC, Childrens Health Insurance Program, Corporate Compliance, DME, Doctor, Durable Medical Equipment, Electronic Health Records, Electronic Medical Records, Federal Health Center, Federal Sentencing Guidelines, Health Care, Health Care Finance, Health Care Fraud, Health Care Provider, Health Care Quality, Health Care Reform, Health IT, Health Plan, Health Plans, HIPAA, Hospital, Laws, Medicaid, Medicare, Medicare Advantage, Medicare Fee Schedule, Medicare Prescription Drug Program, Mental Heatlh, Money Laundering, OIG, Outpatient, Patient Protection and Affordable Care Act, Pharmacy, Physician, Prescription Drugs, Public Policy, Reimbursement, Rural Health Care, Stark, Substance Abuse | Tagged: Covered Entities, Data, Health Care, Health Plans, HIPAA, HIPAA Audits, OCR, Privacy, Security | Permalink
Posted by Cynthia Marcotte Stamer

Hospital’s Disability Discrimination Settlement 4th In 5 Weeks For Justice Department

March 13, 2013

Health Care Providers Must Strengthen Disability Compliance & Risk Management

Health care providers beware! The Obama Administration is targeting health care providers that violate the Americans with Disabilities Act (ADA) and Section 504 of the Rehabilitation Act of 1973 (Rehab Act) and other federal disability discrimination laws.

On March 13, 2013, the Justice Department announced that Glenbeigh Hospital (Glenbeigh) of Rock Creek, Ohio is the fourth health care provider in five weeks to agree to a settlement with the Justice Department resolving disability discrimination charges brought under its Barrier Free Health Care Initiative (Initiative). The Glenbeigh settlement is one of a growing list of disability discrimination settlements and judgements against health care providers brought by the Justice Department, the Department of Health & Human Resources Office of Civil Rights and other federal agencies.

Barrier Free Health Care Initiative Targets Health Care Providers For Disability Discrimination

Launched on the 22^nd anniversary of the ADA in July 2012, the Initiative is a partnership of the Civil Rights Division and 40 U.S. Attorney’s offices across the nation, that targets ADA and other disability discrimination law enforcement efforts on a critical area for individuals with disabilities.

Part of a broader enforcement initiative of the Obama Administration to enforce and expand federal protections for individuals with disabilities, the Initiative seeks to protect patients with disabilities against illegal disability discrimination by prosecuting health care providers under the ADA and the Rehab Act.

Section 504 of the Rehab Act requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance.

The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities.

In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. The public accommodation provisions of the ADA, for instance, generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

Glenbeigh ADA Disability Discrimination Settlement

According to the Justice Department, Glenbeigh has agreed to a settlement resolving charges it violated the ADA by denying admission to someone because of HIV. The fourth ADA disability discrimination settlement addressing HIV discrimination by a medical provider reached by the Justice Department in six weeks, the settlement requires Glenbeigh to pay $32,500 to the complainant, $5,000 in civil penalties, train its staff on the ADA and develop and implement an anti-discrimination policy.

The settlement resolves Justice Department charges that engaged in prohibited disability discrimination in violation of the ADA by unlawfully refusing to admit someone with HIV into its alcohol treatment program because of the side effects of his HIV medication. Glenbeigh’s alcohol treatment program consists of helping patients through the physical aspects of recovery, as well as providing counseling and incorporating spiritual healing. The Justice Department determined Glenbeigh cannot show that treating the complainant would have posed a direct threat to the health or safety of others.

In announcing the Glenbeigh settlement, the Justice Department warned other providers against illegal disability discrimination against individuals with HIV or other disabilities.

“Ensuring access to medical care for people with HIV requires that those in the medical field make medical decisions that are not based on fears or stereotypes,” said Thomas E. Perez, Assistant Attorney General for the Civil Rights Division. “The ADA does not tolerate HIV discrimination and neither will the Justice Department.”

Glenbeigh Settlement Part of Larger Disability Enforcement Trend

Settlements like Glenbeigh’s are growing increasingly common as the Initiative picks up steam. As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, Federal agencies are making investigation and prosecution of suspected disability discrimination by health industry and other organizations a priority.

In the past five weeks, the Justice Department announced similar agreements with Woodlawn Family Dentistry, the Castlewood Treatment Center, and the Fayetteville Pain Center to address HIV discrimination. These new settlements add to a growing list of Justice Department disability discrimination enforcement actions against health care providers. Along side a growing list of disability discrimination settlements and prosections, the Justice Department has a website dedicated to disabilities law enforcement, which includes links to settlements, briefs, findings letters, and other materials.

The Justice Departments campaign against disability discrimination by health care providers is supported and enhanced by the concurrent efforts of OCR. Along side the Justice Department’s efforts, OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with the Rehab Act and the ADA well as various other federal nondiscrimination and civil rights laws. Through its own antidiscrimination campaign, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. See, e.g. Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled. Meanwhile, both the Justice Department and OCR also are encouraging victims of discrimination to enforce their rights through private action through educational outreach to disabled and other individuals protected by federal disabilities and other civil rights laws to make them aware of and to encourage them to act to enforce these rights.

Providers Should Act To Manage Patient-Related Disability Discrimination Risks

Prosecutions and settlements like the Glenbeigh settlements show the need for health care providers and other public and private organizations to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the Justice Department, OCR, the Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits. Hospitals, health care clinics, physicians and other health care providers should take steps to guard against joining the growing list of health care providers caught in the enforcement sights of the Initiative by reviewing and updating practices, policies, training and oversight to ensure that their organizations can prevent and defend against charges of disability discrimination.

Defending or paying to settle a disability discrimination charge brought by a private plaintiff, OCR or another agency, or others tends to be financially, operationally and politically costly for a health care organization or public housing provider. In addition to the expanding readiness of OCR and other agencies to pursue investigations and enforcement of disability discrimination and other laws, the failure of health care organizations to effectively keep up processes to appropriately include and care for disabled other patients or constituents with special needs also can increase negligence exposure, undermine Joint Commission and other quality ratings, undermine efforts to qualify for public or private grant, partnerships or other similar arrangements, and create negative perceptions in the community.

In light of the expanding readiness of the Justice Department, OCR, HUD, EEOC and other agencies to investigate and take action against health care providers for potential violations of the ADA, Section 504 and other federal discrimination and civil rights laws, health care organizations and their leaders should review and tighten their policies, practices, training, documentation, investigation, redress, discipline and other nondiscrimination policies and procedures. In carrying out these activities, organizations and their leaders should keep in mind the critical role of training and oversight of staff and contractors plays in promoting and maintaining required operational compliance with these requirements. Reported settlements reflect that the liability trigger often is discriminatory conduct by staff, contractors, or landlords in violation of both the law and the organization’s own policies.

To achieve and maintain the necessary operational compliance with these requirements, organizations should both adopt and policies against prohibited discrimination and take the necessary steps to institutionalize compliance with these policies by providing ongoing staff and vendor training and oversight, contracting for and monitoring vendor compliance and other actions. Organizations also should take advantage of opportunities to identify and resolve potential compliance concerns by revising patient and other processes and procedures to enhance the ability of the organization to learn about and redress potential charges without government intervention.

For More Information Or Assistance

If you need assistance reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her presentations and programs include How to Ensure That Your Organization Is In Compliance With Regulations Governing Discrimination, as well as a wide range of other workshops, programs and publications on discrimination and cultural diversity, as well as a broad range of compliance, operational and risk management, and other health industry matters.

Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance responding to concerns about the matters discussed in this publication or other health care concerns, wish to obtain information about arranging for training or presentations by Ms. Stamer, wish to suggest a topic for a future program or update, or wish to request other information or materials, please contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and help businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. ©2013 Cynthia Marcotte Stamer, P.C. All rights reserved.

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled

March 5, 2013

Health care providers dealing with patients with hearing, language, cognitive, or other disabilities are reminded to use care to provide interpreters or other accommodations when necessary to care for disabled or other language limited patients by a settlement announced with Genesis HealthCare (Genesis).

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Genesis has reached an agreement to settle OCR charges that it violated Section 504 of the Rehabilitation Act of 1973 (Act) by failing to provide an interpreter for a language impaired patient. The latest in a growing list of enforcement actions by OCR against health care providers for failing to provide interpreters or other accommodations for disabled, English-as-a-second-language, or other language impaired patients, it reminds health care providers of the importance of providing appropriate interpreter or other accommodations needed to enable patients to properly understand and participate in their care. The announcement comes as HHS is releasing new resources reminding health care providers and others of the need to provide appropriate language access resources to these and other patients and their caregivers with language challenges.

Genesis Settlement

As interpreted by OCR, the Act requires that health care and other facilities covered by the Act take appropriate steps to ensure effective communications with patients when delivering health care or other services.

The settlement follows an OCR investigation of a complaint that Genesis, one of the largest providers of senior care violated the Act by failing to provide a qualified interpreter to a resident at its skilled nursing facility in its Randallstown, Maryland. Genesis operates more than 400 skilled nursing centers and assisted/senior living communities across 29 states.

According to OCR, an OCR investigation conducted under the Act found Genesis center staff at the facility harmed the health care and overall health status of the patient by not providing a qualified interpreter, evaluations of his care and discussions on the effects of his numerous medications and the risks caused by not following recommended treatments and prescription protocols. OCR charged the Genesis staff improperly relied on written notes and gestures to communicate with the resident—even while conducting a comprehensive psychiatric evaluation of him. OCR concluded that a qualified sign language interpreter was necessary for the patient and staff to be able to communicate effectively with each other regarding treatment.

Under the settlement terms, all 400 Genesis skilled nursing facilities must comply with the terms and conditions of the settlement. The settlement also requires Genesis to form an auxiliary aids and services hotline; create an advisory committee to provide guidance and direction on how to best communicate with the deaf and hard of hearing community; designate a monitor to conduct a self-assessment and get feedback from deaf and hard of hearing individuals and advocates and conduct outreach to promote awareness of hearing impairments and services that are available for deaf and hard of hearing individuals. In addition Genesis will pay monetary penalties for noncompliance with any terms of the agreement.

In announcing the settlement, OCR Director emphasized OCR’s commitment to enforcing the Act’s nondiscrimination provisions. “This patient’s care was unnecessarily and significantly compromised by the stark absence of interpreter services,” said Rodriguez. “My office continues its enforcement activities and work with providers, particularly large health care systems like Genesis, to make certain that compliance with nondiscrimination laws is a system wide obligation.”

The settlement follows two enforcement actions by OCR in early February to ensure deaf and hard of hearing individuals living in New York and Washington, D.C., have equal access to programs and services provided by local government agencies. Like the settlement announced today, both of those actions arose from complaints that individuals were denied interpreters. In those cases, the needed interpreters were sign language interpreters in Cattaraugus County Department of Aging (CCDOA) in New York and the District of Columbia Children and Family Services Agency (DCCFSA). OCR conducted investigations under the Actand Title II of the Americans with Disabilities Act of 1990, which require that covered entities ensure effective communication for persons with disabilities. Those actions resulted in the CCDOA voluntary resolution agreement, and the DCCFSA settlement agreement.

HHS Shares Language Access Resources

HHS views the availability of appropriate langauge accommodations as key to providing quality of care. The effort includes persons facing not only disabilities impacting communications, but others with language barriers. In support of its efforts to promote the availability and use of appropriate langauge accommodations, HSS recently shared its 2013 Language Access Plan (HHS LAP) for ensuring access to the Department’s programs and activities to people with limited English proficiency (LEP). The LEP reflects HHS’ awareness that America’s population reflects diverse communications needs. Nearly 20 percent of the population (55 million people) speaks a language other than English at home, 63 percent of hospitals treat LEP patients daily or weekly and more than 15 languages are frequently encountered by at least 20 percent of hospitals.

In accordance with Executive Order 13166, Improving Access to Services for Persons with Limited English Proficiency, the HHS LAP establishes the Department’s policy and strategy for serving persons with LEP and its commitment to the language access principals which state that people with LEP should have meaningful access to federally funded programs, activities, services and benefits. The plan available here urther serves as a blueprint for HHS Divisions to develop their own agency-specific language access plans. The HHS LAP is organized into ten cross-cutting elements with specific actions steps for HHS agencies to include in their respective agency-specific plans. The ten elements include:

ELEMENT 1: Assessment: Needs and Capacity
ELEMENT 2: Oral Language Assistance Services
ELEMENT 3: Written Translations
ELEMENT 4: Policies and Procedures
ELEMENT 5: Notification of the Availability of Language Assistance at no Cost
ELEMENT 6: Staff Training
ELEMENT 7: Assessment: Access and Quality
ELEMENT 8: Stakeholder Consultation (New Element)
ELEMENT 9: Digital Information (New Element)
ELEMENT 10: Grant Assurance and Compliance (New Element)

Hospitals and other health care providers should use these elements as guidelines for meeting the needs for language limited populations and patients, as well as to help structure the elements for assessment and accommodation of persons with disabilities impacting the abiity to communicate.

Enforcement Exposures Rising

The settlement and Director Rodriguez’s statements should alert health care providers and other public and private organizations of the need to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the U.S. Department of Justice, Department of Health & Human Services Office of Civil Rights (OCR), Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits.

As part of a broader emphasis on the enforcement of disability and other federal discrimination laws by the Obama Administration, Federal agencies are making investigation and prosecution of suspected disability discrimination by health industry and other organizations a priority. OCR recently has announced several settlement agreements and issued letters of findings as part of its ongoing efforts to ensure compliance with Section 504 of the Rehabilitation Act of 1973 (Section 504) and the ADA well as various other federal nondiscrimination and civil rights laws.

Most health care and other U.S. businesses fully appreciate the growing disability discrimination exposures in employment but often are less aware of or ready to manage their responsibilities under the ADA public accommodation rules or other laws.

Employment Discrimination Under ADA

Title I of the ADA prohibits employers from discriminating against individuals on the basis of disability in various aspects of employment. The ADA’s provisions on disability-related inquiries and medical examinations show Congress’s intent to protect the rights of applicants and employees to be assessed on merit alone, while protecting the rights of employers to make sure that individuals in the workplace can efficiently do the essential functions of their jobs. An employer generally violates the ADA if it requires its employees to undergo medical examinations or submit to disability-related inquiries that are not related to how the employee performs his or her job duties, or if it requires its employees to disclose over broad medical history or medical records. Title I of the ADA also generally requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship or the employer the employer otherwise proves employing a person with a disability with reasonable accommodation could not end significant safety concerns. Employers generally bear the burden of proving these or other defenses. Employers are also prohibited from excluding individuals with disabilities unless they show that the exclusion is consistent with business necessity and they are prohibited from retaliating against employees for opposing practices contrary to the ADA.

Violations of the ADA can expose businesses to substantial liability. Violations of the employment provisions of the ADA may be prosecuted by the EEOC or by private lawsuits and can result in significant judgments. Employees or applicants that can prove they were subjected to prohibited disability discrimination under the ADA generally can recover actual damages, attorneys’ fees, and up to $300,000 of exemplary damages (depending on the size of the employer).

ADA Public Accommodation & Other Federal Discrimination

In addition to the well-known and expanding employment discrimination risks, public and private health care and housing providers also increasingly face disability discrimination exposures under various federal laws such as the public accommodation and other disability discrimination prohibitions of the ADA, Section 504, the Civil Rights Act and various other laws that the Obama Administration views as high enforcement priorities.

Section 504 requires recipients of Medicare, Medicaid, HUD, Department of Education, welfare and most other federal assistance programs funds including health care, education, housing services providers, state and local governments to ensure that qualified individuals with disabilities have equal access to programs, services, or activities receiving federal financial assistance. The ADA extends the prohibition against disability discrimination to private providers and other businesses as well as state and local governments including but not limited to health care providers reimbursed by Medicare, Medicaid or various other federal programs The ADA requirements extend most federal disability discrimination prohibits to health care and other businesses even if they do not receive federal financial assistance to ensure that qualified individuals with disabilities have equal access to their programs, services or activities. In many instances, these federal discrimination laws both prohibit discrimination and require health care and other regulated businesses to put in place reasonable accommodations needed to ensure that their services are accessible and available to persons with disabilities. Meanwhile the Civil Rights Act and other laws prohibit discrimination based on national origin, race, sex, age, religion and various other grounds. These federal rules impact almost all public and private health care providers as well as a broad range housing and related service providers.

As a result of its stepped up enforcement of the ADA, Section 504 and other civil rights and nondiscrimination rules, OCR is racking up an impressive list of settlements with health care providers, housing and other businesses for violating the ADA, Section 504 or other related civil rights rules enforced by OCR. While OCR continues to wage this enforcement battle in the programs it administers, the Departments of Justice, Housing & Urban Development, Education, Labor and other federal agencies also are waging war against what the Obama Administration perceives as illegal discrimination in other areas. Along side their own enforcement activities, OCR and other federal agencies are maintaining a vigorous public outreach to disabled and other individuals protected by federal disabilities and other civil rights laws intended to make them aware of and to encourage them to act to enforce these rights. To be ready to defend against the resulting risk of claims and other enforcement actions created by these activities, health care, housing and other U.S. providers and businesses need to tighten compliance and risk management procedures and take other steps to prepare themselves to respond to potential charges and investigations.

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

A growing list of ADA and other disability discrimination law enforcement actions against private and public health care and housing providers, state and local governments and other businesses under the Obama Administration make it increasingly critical that health care organizations and other businesses manage disability discrimination risk both in their employment practices and their other business operations.

As for employment discrimination, violators of these and other federal discrimination prohibitions applicable to the offering and delivery of services and products also face exposure to large civil damage awards to private plaintiffs as well as federal program disqualification, penalties and other federal agency enforcement. Unfortunately, while most businesses and governmental leaders generally are sensitive to the need to maintain effective compliance programs to prevent and redress employment discrimination, the awareness of the applicability and non-employment related disability and other discrimination risk management and compliance lags far behind.

When considering these potential exposures, many private health care organizations mistakenly assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently in the past have been the target of OCR discrimination charges. As demonstrated by the ADA exposures are high for both public and private providers, however. OCR , the Department of Justice and other federal and state agencies can and do investigate and prosecute a lot of public and private physicians, hospitals, insurers and other private health care and other federal program participants.

Consequently, disability discrimination management requires more than employment discrimination management. The Obama Administration also has trumpeted its commitment to the aggressive enforcement of the public accommodation provisions of the ADA and other federal disability discrimination laws. In June, 2012, for instance, President Obama himself made a point of reaffirming his administration’s “commitment to fighting discrimination, and to addressing the needs and concerns of those living with disabilities.”

As part of its significant commitment to disability discrimination enforcement, the Civil Rights Division at the Justice Department has aggressively enforced the public accommodation provisions of the ADA and other federal disability discrimination laws against state agencies and private businesses that it perceives to have improperly discriminated against disabled individuals. For instance, the Justice Department entered into a landmark settlement agreement with the Commonwealth of Virginia, which will shift Virginia’s developmental disabilities system from one heavily reliant on large, state-run institutions to one focused on safe, individualized, and community-based services that promote integration, independence and full participation by people with disabilities in community life. The agreement expands and strengthens every aspect of the Commonwealth’s system of serving people with intellectual and developmental disabilities in integrated settings, and it does so through a number of services and supports. The Justice Department has a website dedicated to disabilities law enforcement, which includes links to settlements, briefs, findings letters, and other materials. The settlement agreements are a reminder that private businesses and state and local government agencies alike should exercise special care to prepare to defend their actions against potential disability or other Civil Rights discrimination challenges. All organizations, whether public or private need to make sure both that their organizations, their policies, and people in form and in action understand and comply with current disability and other nondiscrimination laws. When reviewing these responsibilities, many state and local governments and private businesses may need to update their understanding of current requirements. Statutory, regulatory or enforcement changes have expanded the scope and applicability of disability and various other federal nondiscrimination and other laws and risks of charges of discrimination.

Invest in Prevention To Minimize Liability Risks

For More Information Or Assistance

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Disability, Discrimination, Health Care, Interpreter, OCR, Rehabilitation Act | Permalink
Posted by Cynthia Marcotte Stamer

OCR, FTC Enforcement & Guidance Signals Need To Tighten Mobile Device & Application Security

February 23, 2013

Thinking about or using mobile devices and applications in your heath care, health plan, or related operations or struggling to meet the demands of employees, patients, plan members or others to allow use of these tools? Be sure that you’ve taken appropriate steps to design, implement and manage legal responsibilities and risks associated with the development and use of these tools.

While the popularity, accessibility and cost-effectiveness of mobile devices and applications provides a strong incentive for health plans, health care providers, their business associates, workforce members and customers to use mobile devices and applications, the use of these technologies and applications to collect, access, or use personal health care, financial, or other sensitive information presents special challenges and risks. Unfortunately, as the use of these tools proliferates, federal officials are increasingly concerned that the data security protections afforded by many of the devices and applications in use on these highly popular smart phone, tablet and other mobile devices and applications is highly lacking. See FTC Settlement With Mobile Device & App Developer Shows Developers & Businesses Need To Manage Mobile App & Data Security.

As federal regulators and law enforcement responds to growing concerns about cyber security and other risks, heath care, health plan and other businesses, their employees, customers, and other business partners jumping on the mobile device and application bandwagon, health, application bandwagon, and the device and application developers developing and offering these tools must take appropriate steps to manage the personal health, financial, and other sensitive information and data that these tools use, create, access or disclose.

The Health Insurance Portability & Accountability Act (HIPAA) generally requires that health care providers, health plans, health care clearinghouses and their businesses associates safeguard personal health care information or “PHI” and restrict its use, access and disclosure in accordance with the extensive and highly detailed requirements of the Privacy, Security and Breach Notification Regulations of the Department of Health & Human Services Office of Civil Rights (OCR).

OCR’s collection of several multi-million dollar settlements as well as its statements in its recent restated HIPAA regulations and other OCR guidance make clear that OCR views HIPAA as imposing significant responsibilities upon covered entities and their business associates to safeguard and restrict access to PHI on mobile devices and applications. OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action; Breaches resulting from the loss or theft of unencrypted ePHI on mobile or other computer devices or systems has been a common basis of investigation and sanctions since that time, particularly since the Breach Notification rules took effect. OCR Pops Idaho Hospice In 1st HIPAA Breach Settlement Affecting < 500 Patients; Providence To Pay $100000 & Implement Other Safeguards; OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. These actions and statements of OCR provide a clear warning to HIPAA-covered entities and their business associates to expect significant consequences for failing to properly encrypt and safeguard ePHI used, accessed or disclosed on mobile devices and applications.

Of course, HIPAA shouldn’t be the only standard considered when health care providers, health plans or their business partners and vendors design and use mobile applications. In addition to HIPAA’s requirements on PHI, health care providers, health plans, health care clearinghouses, and their business partners also generally can expect that mobile devices and applications used in connection with their operations by patients, customers, employees or others also may use access, collect or disclose credit card, financial and a broad range of other sensitive information required to be protected under federal laws like the Fair & Accurate Credit Transactions Act (FACTA) or other Federal Trade Commission (FTC) Rules, state data security, data breach, identity theft or other privacy rules or both. Depending on the nature of the data and the circumstances of the unanticipated use or disclosure, invasion of privacy or other common or statutory laws also may come into play.

With the use of these applications by consumers and business proliferates, Congress, OCR, the FTC, state regulators and others are upping the responsibilities and the liability of businesses that fail to appropriately consider and implement security in their mobile devices and applications. Following on OCR’s restatement of its HIPAA regulations, the Obama Administration’s announcement of new cyber security initiatives, and a plethora of other federal and state regulatory and enforcement actions against businesses for data security missteps, the FTC recently launched a campaign to ensure that companies secure the software and devices mobile device and application providers provide consumers.

Earlier this month, the FTC introduced Mobile App Developers: Start with Security, a new business guide that encourages app developers to aim for reasonable data security.

On June 4, 2013, the FTC also plans to host a public forum on malware and other mobile security threats in order to examine the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.

Along side this educational outreach, the FTC also is moving to punish businesses that fail to act responsibly to protect sensitive data. This trend is illustrated by the FTC’s announcement this week of its first settlement with a mobile device manufacturer.

FTC Charges Against HTC America

This week, the FTC announced that mobile device giant HTC American, Inc. will to settle FTC charges that the company failed to take reasonable steps to secure the software it developed for its smart phones and tablet computers and introduced security flaws that placed sensitive information about millions of consumers at risk.

A leading mobile device manufacturer in the United States, HTC America develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.

In its first-ever complaint against a mobile device or application developer, the FTC charged HTC America failed to incorporate and administer appropriate safeguards for personal financial and other sensitive data accessed and used in these applications when designing or customizing the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.

To illustrate the consequences of these alleged failures, the FTC’s complaint details several vulnerabilities found on HTC America’s devices, including the insecure implementation of two logging applications – Carrier IQ and HTC Loggers – as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries about doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.

Moreover, the FTC complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the company’s Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.

HTC America Settlement

The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Under the settlement agreement, HTC American must:

Fix vulnerabilities found in millions of HTC devices;
Establish a comprehensive security program designed to address security risks during the development of HTC devices; and
Undergo independent security assessments every other year for the next 20 years.

HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC is encouraging consumers using HTC America applications to apply the updates as soon as possible.

The FTC Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 3-0-2, with Chairman Jon Leibowitz not participating and Commissioner Maureen Ohlhausen recused. The FTC will publish a description of the consent agreement package in the Federal Register shortly.

In accordance with FTC procedures, the settlement agreement will be subject to public comment through March 22, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically or in paper form using instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Act To Manage Mobile Application Device & Security

Given the expanding awareness, expectations and enforcement of OCR, FTC and others, health care, health plan and other industry participants deciding whether and when to use, or allow others to use mobile devices or applications to access data or carry out other activities and the mobile device or other technology developers and providers offering products or services to these organizations must get serious about security.

These and other related activities send a clear message that health care, health insurance mobile device and application users and developers must incorporate and administer appropriate processes and safeguards to protect PHI, personal financial and other sensitive data. In response to these developments, industry mobile device and application developers and the health care, health insurance and other businesses must consider carefully before deploying or allowing others to deploy or use these tools in relation to data within their operations or systems. Before and when using or permitting customers, business partners, employees or others to use tools, these organizations must ensure the adequacy of the design and security safeguards for their devices, software and applications, as well as their disclaimers and associated consumer disclosures and consents. Because of the special legal and operational expectations for these organizations, health care, health insurance and other industry provides must resist pressure to allow the use of these tools unless and until they can verify that these legal and operational requisites are fulfilled.

For More Information Or Assistance

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: EHRhealth-care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Unfair Labor Practice Settlements Reminds Hospitals To Handle Union Activities Carefully

February 7, 2013

The National Labor Relations Board’s announcement of its approval of settlement agreements between two UPMC hospitals and the Service Employees International Union (SEIU) reminds hospital and other health industry employers to exercise care when dealing with union organizing and other activities protected by the National Labor Relations Act (NLRA) and other federal labor laws.

The settlements relate to unfair labor practices charges the SEIU filed with the NLRB in response to actions taken by the hospital during the early stages of an organizing campaign before the union even had filed a petition for an election. Among other things, the SEIU complained that the hospitals violated the NLRB by terminating or otherwise punishing workers for supporting the union. The union also charged that the hospitals overly broad solcial medial, solicitation and code of conduct rules improperly interfered with the organizing rights of workers protected by the NLRA.

In the settlement agreements, UPMC Presbyterian Shadyside agreed to offer reinstatement and backpay to two employees who were discharged after supporting the union, and to reimburse two other employees who lost wages due to a suspension and other actions. The employer also agreed to rescind overly-broad policies related to social media, solicitation rules and a code of conduct at all UPMC facilities, to post Notices to Employees in multiple break rooms in four Pittsburgh hospitals, and to train supervisors to avoid future unlawful behavior.One remaining charge related to the use of company e-mail by employees to communicate about the union was not resolved and will proceed to trial before an Administrative Law Judge. The trial date is tentatively set for February 20.

Under the Obama Administration, the NLRB in recent years has shown aggressive support for unions and their organizing and collective bargaining activities. As part of these activities and in response to the emergence of social media and other electronic communications, the NLRA increasingly has challenged the use of broad policies restricting the use of Facebook or other social media, e-mail or other similar communications by workers when it is perceived these policies punish or chill worker’s ability to communicate or organized concerning terms and conditions of employment. As these and other commonly challenged practices are widely used within the health care industry, health industry employers are urged to take proper steps to review their policies and their administration to minimize exposure to these and other unfair labor practice challenges.

For More Information Or Assistance

If you need assistance managing your workforce, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement action or with other health care related risk management, compliance, training, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas and Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters. Her experience includes advising hospitals, nursing home, home health, rehabilitation and other health care providers and health industry clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to Board of Medicine, Department of Aging & Disability, Drug Enforcement Agency, OCR Privacy and Civil Rights, HHS, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: Health Care, Hospital, Labor, NLRA, NLRB, unfair labor practice | Permalink
Posted by Cynthia Marcotte Stamer

New Children’s Electronic Health Record Format Shared

February 7, 2013

The Department of Health and Human Service (HHS) hopes a new electronic health record (EHR) format for documenting medical care for children developed by the Agency for Healthcare Research and Quality (AHRQ)with support from the Centers for Medicare and Medicaid Services (CMS) will help developers create better EHRs for use by health care providers caring for children.

According to AHRQ, the children’s EHR format establishes a” blueprint” for EHRs to better meet the needs of health care providers and pediatric patients by combining what CMS and AHRQ consider the ”best-practices in clinical care, information technology, and insights from experts in children’s health.” Developed to address commonly occuring problems in functionality, data elements and other challenges arising when traditional EHRs have been used to document pediatric care, AHRQ hopes the new format will guides EHR developers in understanding the requirements for functionality, data standards, usability and interoperability of an EHR system to more optimally support the provision of health care to children – especially those enrolled in Medicaid or the Children’s Health Insurance Program (CHIP) as well as provide guidance for EHR system purchasers and policy makers in assessing functionality of EHRs. For more information or to access the format, see here.

For More Information Or Assistance

If you found this article of interest, you also may be interested in other recent Solutions Law Press, Inc. articles by Ms. Stamer including:

About Solutions Law Press, Inc.™

Leave a Comment » | Academic medicine, Electronic Health Records, Employee Benefits, Employment, Health Care, Health IT, HIPAA, HITECH Act, Hospital, OCR, Physician | Tagged: EHRhealth-care, HIPAA, OCR, Physician, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Justice Department Disability Discrimination With Pain Clinic Shows Provider ADA Exposures

January 31, 2013

Hospitals, health care clinics, physicians and other health care providers should heed the settlement announced by the Justice Department announced today (January 31, 2013) with the Fayetteville Pain Center as a reminder of the importance of ensuring that their organizations can prove their care and other operations fulfill the Americans With Disabilities Act (ADA) nondiscrimination and accommodation requirements.

The public accommodation provisions of the ADA generally require those doctors’ offices, medical clinics, hospitals, and other health care providers, as well as other covered businesses to provide people with disabilities, including those with HIV, equal access to goods, services, and facilities. The ADA also may compel health care providers to adjust their practices for delivering care and/or providing access to facilities to accommodate special needs of disabled individuals under certain circumstances.

The Fayetteville Pain Center settlement arose as part of the Justice Department’s ADA enforcement effort as part of its Barrier-Free Health Care Initiative. The settlement resolves allegations that the Fayetteville Pain Center violated the ADA by refusing to treat a woman because she has HIV.

The complainant, a woman with HIV who was suffering from back pain as a result of a car accident, visited the Fayetteville Pain Center in Fayetteville, North Carolina seeking treatment. According to the complaint, the woman was unable to get medical treatment because the doctor at the Fayetteville Pain Center refused to treat a person with HIV.

Under the settlement, the Fayetteville Pain Center must pay $10,000 to the complainant and $5,000 to the United States in civil penalties, train its staff on the ADA, and develop and implement an anti-discrimination policy. To read more about the Settlement, see here.

Enforcement Exposures Rising

The Justice Department’s Fayetteville Pain Center prosecution and settlement should remind health care providers and other public and private organizations of the need to strengthen their disability discrimination compliance and management practices to defend against rising exposures to actions by the U.S. Department of Justice, Department of Health & Human Services Office of Civil Rights (OCR), Equal Employment Opportunity Commission (EEOC) and other agencies as well as private law suits.

Employment Discrimination Under ADA

Title I of the ADA prohibits employers from discriminating against individuals on the basis of disability in various aspects of employment. The ADA’s provisions on disability-related inquiries and medical examinations show Congress’s intent to protect the rights of applicants and employees to be assessed on merit alone, while protecting the rights of employers to make sure that individuals in the workplace can efficiently do the essential functions of their jobs. An employer generally violates the ADA if it requires its employees to undergo medical examinations or submit to disability-related inquiries that are not related to how the employee performs his or her job duties, or if it requires its employees to disclose overbroad medical history or medical records. Title I of the ADA also generally requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship or the employer the employer otherwise proves employing a person with a disability with reasonable accommodation could not end significant safety concerns. Employers generally bear the burden of proving these or other defenses. Employers are also prohibited from excluding individuals with disabilities unless they show that the exclusion is consistent with business necessity and they are prohibited from retaliating against employees for opposing practices contrary to the ADA.

ADA Public Accommodation & Other Federal Discrimination

Enforcement of Discrimination & Other Civil Rights Laws Obama Administration Priority Putting Public & Private Providers At Risk

When considering these potential exposures, many private health care organizations mistakenly assume that OCR’s enforcement actions are mostly a problem for state and local government agencies because state and local agencies and service providers frequently in the past have been the target of OCR discrimination charges. As demonstrated by the ADA exposures are high for both public and private providers, however. OCR , the Department of Justice and other federal and state agencies can and do investigate and prosecute a wide variety of public and private physicians, hospitals, insurers and other private health care and other federal program participants.

Invest in Prevention To Minimize Liability Risks

For More Information Or Assistance

About Solutions Law Press, Inc.™

OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action

January 17, 2013

Health care providers and their business associates have work to do. Health care providers, health plans, health care clearinghouses and their business associates will need to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the omnibus restatement of the Department of Health & Human Services (“HHS”) Office of Civil Rights (“OCR”) of its of its regulations (the “2013 Regulations”) implementing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that OCR found desirable based on its experience administering and enforcing the law over the past decade.

Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Enforcement Risks Signal Neeed To Review & Update Policies & Practices Promptly

The restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements.

The commitment of OCR to enforcement most recently was demonstrated by its recent settlement with Hospice of North Idaho (HONI). On January 2, 2013, OCR announced HONI will pay OCR $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing ePHI. The HONI settlement is the first settlement involving a breach of ePHI affecting fewer than 500 individuals.

While the HONI settlement marks the first settlement on a small breach, this is not the first time OCR has sought sanctions against a covered entity for data breaches involving the loss or theft of unencrypted data on a Laptop, storage device or other computer device. Rather, OCR continues to rollout a growing list of enforcement actions demonstrating the potential risks of HIPAA violations are significant and growing. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA or other health industry, regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

If you need help with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business and management information, tools and solutions, training and education, services and support to help organizations and their leaders promote effective management of legal and operational performance, regulatory compliance and risk management, data and information protection and risk management and other key management objectives. Solutions Law Press, Inc.™ also conducts and assist businesses and associations to design, present and conduct customized programs and training targeted to their specific audiences and needs. For additional information about upcoming programs, to explore becoming a presenting sponsor for an upcoming event, e-mail your request to info@Solutionslawpress.com These programs, publications and other resources are provided only for general informational and educational purposes. Neither the distribution or presentation of these programs and materials to any party nor any statement or information provided in or in connection with this communication, the program or associated materials are intended to or shall be construed as establishing an attorney-client relationship, to constitute legal advice or provide any assurance or expectation from Solutions Law Press, Inc., the presenter or any related parties. If you or someone else you know would like to receive future Alerts or other information about developments, publications or programs or other updates, send your request to info@solutionslawpress.com. CIRCULAR 230 NOTICE: The following disclaimer is included to comply with and in response to U.S. Treasury Department Circular 230 Regulations. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. If you are an individual with a disability who requires accommodation to participate, please let us know at the time of your registration so that we may consider your request.

Former White House Cybersecurity Coordinator Schmidt, Stamer & Others Share Key HIPAA & Other Privacy & Data Security Insights 5/21 In LA

CMS Proposes To Further Tighten Medicare Provider Enrollment Rules

HHS Proposes Increasing Health Care Fraud Reporting Rewards To Up To $9.9 Million

CMS Proposes Changes To Accute Care Hospital & Skilled Nursing Facility Propective Payment Rules

OCR Shares New Tools to Educate Consumers and Providers about HIPAA Privacy and Security

HHS Publishes Medicaid Expansion Final Regs, Invites Public Comment

Hospitals with 2012 CMS Adverse Complaint Inspection Reports in AHCJ Data Bank Should Prepare Response

OCR Invites Comments On Plans to Survey HIPAA Covered Entities Audited Under 2012 HIPAA Audit Program

Hospital’s Disability Discrimination Settlement 4th In 5 Weeks For Justice Department

Genesis Healthcare Disability HHS OCR Discrimination Settlement Reminder To Use Interpreters, Other Needed Accommodations For Disabled

OCR, FTC Enforcement & Guidance Signals Need To Tighten Mobile Device & Application Security

Unfair Labor Practice Settlements Reminds Hospitals To Handle Union Activities Carefully

New Children’s Electronic Health Record Format Shared

Justice Department Disability Discrimination With Pain Clinic Shows Provider ADA Exposures

OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update

Follow “”

May 2013
M	T	W	T	F	S	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Recent Posts

Archives

About Cynthia Marcotte Stamer

Share this blog

Archives

Solutions Law Press Health Care Update

Follow “”