Protected Health Information

Eric Bixler has posted on the Fox Rothschild Physician Law Blog an excellent summary of the changes coming to Medicare cards as a result of the Medicare Access and CHIP Reauthorization Act of 2015. Briefly, the Centers for Medicare and Medicaid Services (CMS) must remove Social Security Numbers (SSNs) from all Medicare cards. Therefore, starting April 1, 2018, CMS will begin mailing new cards with a randomly assigned Medicare Beneficiary Identifier to replace the existing use of SSNs.
Continue Reading CMS Suggests Five Ways for Healthcare Providers to Prepare for New Medicare Cards

In one of the best examples we have ever seen that it pays to be HIPAA compliant (and can cost A LOT when you are not), the U.S. Department of Health and Human Services, Office for Civil Rights, issued the following press release about the above settlement. This is worth a quick read and some soul searching if your company has not been meeting its HIPAA requirements.
Continue Reading $2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

Last week we posted about A Brief Primer on the NIST Cybersecurity Framework. Our partner and HIPAA/HITECH expert Elizabeth Litten took the NIST Cybersecurity Framework and created a blog post for the HIPAA, HITECH and Health Information Technology Blog on How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips. For those facing any HIPAA-related issues, it is a worthwhile read.
Continue Reading How the NIST Cybersecurity Framework Can Help With HIPAA Compliance: 3 Tips

The Federal Trade Commission recently announced that it settled charges against a health billing company and its former CEO that they misled consumers who had signed up for their online
Continue Reading Billing Company Settles FTC Charges That It Misled Consumers Regarding Health Data Collection

On July 11, 2013, the Department of Health and Human Services announced that it reached a settlement with WellPoint Inc. related to potential violations of the HIPAA Privacy and Security
Continue Reading WellPoint Pays $1.7 Million To Settle Potential HIPAA Violations; HHS Sends Message To Business Associates

While the undertakings of a Medicare ACO and the terminology in the Data Use Agreement for protection of patient data may differ from those of covered entities, business associates and subcontractors and their BAAs under the HIPAA/HITECH regulations, they have many striking similarities and purposes
Continue Reading HIPAA “Mega Rule”, Meet “Super BAA”: The CMS Data Use Agreement

SAIC’s recent Motion to Dismiss the Consolidated Amended Complaint filed in federal court in Florida as a putative class action highlights the gaps between an incident (like a theft) involving PHI, a determination that a breach of PHI has occurred, and the realization of harm resulting from the breach.
Continue Reading The SAIC Breach and a Look Across the Chasm Between Significant Risk and Actual Harm Resulting from a HIPAA Breach

A CMS proposal would base eligibility for provider incentive payments for the “meaningful use” of Electronic Health Records (“EHRs”) not simply on providers’ use of EHRs, but on their patients’ use.
Continue Reading Patients’ “Meaningful Use” of Electronic Health Information Proposed as Core Measure for Provider Incentive Payments from Feds