When HIPAA Investigations Broaden To Scrutinize Unrelated Business Practices: The Settlement between the State of Minnesota and Accretive Health

Prosecutions involving breaches of protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”) are becoming more frequent; we have noted recent civil settlements involving providers in Massachusetts and Alaska, as well as a criminal prosecution in California.  The latest prosecution, and resulting settlement, illustrates a new twist: the focus of a data […]

Alaska Department of Health and Social Services Pays $1.7 Million to Settle HIPAA Security Rule Matter

Today, the Office of Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) announced that the Alaska Department of Health and Social Services (Alaska DHSS), which is that state’s Medicaid agency, has agreed to pay $1.7 million to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security […]

HIPAA: Conversion to Version 5010

As of January 1, 2012, all healthcare providers were required to transition from version 4010/4010A to version 5010 standards for submitting electronic transactions, and the failure to comply may result in claim denials or a government investigation. CMS has repeatedly postponed enforcement, but it appears the agency will begin to enforce civil monetary penalties against […]

Hospital Settles Data Breach Allegations with Massachusetts Attorney General

Late last month, the Massachusetts Attorney General, Martha Coakley, announced that her office had reached a settlement with South Shore Hospital regarding alleged violations of the Massachusetts Consumer Protection Act and the Health Insurance Portability and Accountability Act (“HIPAA”) stemming from a data breach reported to both her office and the Office of Civil Rights of […]

Ninth Circuit on HIPAA Criminal Liability: No Knowledge Requirement

On May 10, 2012, the United States Court of Appeals for the Ninth Circuit issued its opinion in United States v. Zhou, No. 10-50231 (9th Cir. May 10, 2012), and held that the criminal misdemeanor provision of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), located at 42 U.S.C. § 1320d-6(a)(2)—which penalizes the […]

HHS Proposes Rule Giving Patients Direct Access to Lab Test Results

Yesterday, the U.S. Department of Health and Human Services (“HHS”) published a proposed rule in the Federal Register which would allow medical patients to get their laboratory test results directly from the lab.  A copy of this proposed rule is available here.  At present, only a handful of states allow direct access to lab results.  […]

HIPAA-Based Criminal Indictment for Communicating with Patient’s Employer

A Virginia physician has become the first person criminally indicted under the Health Insurance Portability and Accountability Act (HIPAA) for communicating with a former patient’s employer. According to the United States Attorney for the Eastern District of Virginia, Dr. Richard Kaye, the former Medical Director of the Psychiatric Care Center at Sentara Obici Hospital in Suffolk, Virginia, […]

HHS Releases HIPAA Privacy Rule Accounting of Disclosures

The Department of Health and Human Services (HHS) issued its notice of proposed rulemaking to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information (PHI). The current accounting provision applies to disclosures of paper and electronic PHI, regardless of whether such information is in a designated record set (DRS), for […]

CMS Receives Failing Marks for HIPAA Enforcement

The Office of the Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) released a report on the oversight and enforcement actions conducted by the Center for Medicare and Medicaid Services (CMS) pertaining to hospitals’ implementation of the HIPAA Security Rule.  The OIG conducted its audits at CMS in Baltimore, Maryland, […]

$4.3M Civil Monetary Penalty for HIPAA Privacy Violation

On February 22, HHS issued a Notice of Final Determination imposing a civil monetary penalty of $4.3 million against Cignet Health of Prince George’s County, Md., representing the first civil monetary penalty issued by the Department for a covered entity’s violations of the HIPAA Privacy Rule.  The HHS found that Cignet violated 41 patients’ rights […]