Health Care Providers Should Strengthen HIPAA Compliance & Defenses As Risks Rise
$4.3 million is the amount of the civil monetary penalty (CMP) that the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has ordered Cignet Health of Prince George’s County, Md., (Cignet) to pay for violating the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule.
The first CMP ever assessed by OCR under the HIPAA Privacy Rule, the Cignet CMP assessment is the latest in a series of developments documenting the rising risks that health care providers, health plans, health care clearinghouses and their business associates (“covered entities”) face for violations of HIPAA. Covered entities and their business associates should tighten privacy policies, breach and other monitoring, training and other practices to mitigate against exposures in light of recently tightened requirements and new enforcement risks. Read more details.
Even before the announcement of the Cignet CMP, the HIPAA Privacy exposures of covered entities for failing to comply with HIPAA already had risen significantly. As of January 1, 2011, OCR reports that 12,781 of the cases it has investigated have been resolved by requiring changes in privacy practices and other corrective actions by the covered entities and has referred more than 484 Privacy Rule breach investigations to the Department of Justice for consideration for potential criminal prosecution.
While OCR had not assessed any civil monetary penalties against any covered entity for violation of HIPAA before Cignet, OCR’s collection of $2.25 million from CVS Pharmacy, Inc. under a 2009 Resolution Agreement and $100,000 from Providence Health & Services under a 2008 Resolution Agreement demonstrated the willingness of OCR to pursue significant civil remedies against covered entities that it determined willfully violated the Privacy Rules.
In response to these expanding exposures, covered entities and their business associates should review the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration the Cignet, Provident and CVS enforcement actions, emerging litigation and other enforcement data.; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.
For Help With Compliance, Investigations Or Other Needs
If you need assistance auditing or tightening your existing HIPAA and other confidentiality practices or addressing other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer medical privacy and other compliance and risk management policies and to respond to OCR, FTC, medical board and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on Medicare quality and other compliance concerns. Her publications and insights on HIPAA and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:
- ONC Giving Small Critical Access And Rural Hospitals Added Electronic Health Records Funds
- Health Care Employer’s NLRB Settlement Shows Care Necessary When Using Social Networking & Other Policies Restricting Employee Communications
- Medicare Proposes To Require Providers To Notify Patients Of Quality Of Care Complaint Rights
- OIG Launch of Health Care Fraud “Most Wanted” List Sign of Enforcement Risks
- Rhode Island DHS Must Provide Translation, Other Services For Limited English, Other Language Impaired Persons
- Texas Doctor, Pharmacy Suspension Reminder of Pain Management Prescribing Risks
- Supreme Court Ruling Medical Resident Stipend Are Wages Highlights Advisability of Compliance Review
- CMS Physician Compare Tool Gives Patients New Info On Physicians & Other Providers
- Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes
- Health Care Fraud Enforcement Packs New Heat
- President Signs Long-Sought Red Flag Rule Exemption Into Law
- Quality, Recordkeeping & Unprofessional Conduct Lead Reasons For Medical Board Discipline of Physicians
- CMS Finalizes Calendar Year 2011 Physician Fee Schedule & Other Medicare Part B Payment Policies
- DEA Cautions Practitioners Must Restrict Delegation of Controlled Substance Prescribing Functions, Urges Adoption of Written Policies & Agreements
- Avoiding Post-Holiday Celebration Sexual Harassment & Discrimination Liability
- Small Employers Should Weigh If Health Premium Tax Credit Justifies Changing Employee Leasing Arrangements
- 2011 Standard Mileage Rates Announced
- Update Employment Practices To Manage Genetic Info Discrimination Risks Under New EEOC Final GINA Regulations
- EEOC Attacks Medical Leave Denials As Prohibited Disability Discrimination
- New Insured Group Health Plan Non-Discrimination Rules Create Significant Liability For Employers & Insurers; Prompt IRS Also To Review Self-Insured Group Health Plan Rules
- Affordable Care Act’s Health Plan External & Internal Review Safe Harbor & Other Regulations Require Health Plan Updates
- New Rule Requires Federal Government Contractors To Post New “Employee Rights Under The National Labor” Poster
- Employers Concerned About New Union Powers As NLRB Orders Union Elections In 31 California Health Care Facilities To Proceed
- CMS Delegated Lead Responsibility For Development of New Affordable Care Act-Required Medicare Self-Referral Disclosure Protocoll
- HHS announces Rules Implementing Tools Added By Affordable Care Act to Prevent Federal Health Program Fraud
- OIG: Texas Overbilled Medicaid for Medical Transportation Costs
- DMEPOS Suppliers Face 9/27 Deadline To Meet Tightened Medicare Standards
- HHS Announces Adjustments to Federal Medical Assistance Percentage (FMAP) Rates
- CMS Publishes Corrections To Proposed 2011 Physician Fee Schedule Rules
- Medicare Changing How It Pays For Outpatient Dialysis
- Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case As OCR Moves To Tighten Privacy Rules
- CMS Adopts ESRD Facility Prospective Payment System & Proposes New Quality Incentive Program
- CMS Rule Clarifies When Outpatient Services Subject to 3-Day Rule & Finalizes FY 2011 Inpatient Payment Rates
- New Affordable Care Act Mandated High Risk Pre-Existing Condition Insurance Pool Program Regulations Set Program Rules, Prohibit Plan Dumping of High Risk Members
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
©2011 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.