A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).
APDerm Settlement Overview
Private dermatology practice, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The APDerm Settlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.
According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.
Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities
The APDerm settlement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. It joins the growing list of settlement or resolution agreements under HIPAA announced by OCR.
The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement. Other settlements have been significantly higher. For instance, OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.
For Representation, Training & Other Resources
If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
For More Information Or Assistance
If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help.
Board Certified in Labor & Employment Law, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 23 years experience advising health industry clients about these and other matters.
Throughout her career, Ms. Stamer has advised and represented health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to health care, human resources, tax, privacy, safety, antitrust, civil rights, and other laws as well as with internal investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.
Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
- DFW Hospital Council Foundation Among 26 Organizations Selected To Lead Quality Effort
- Former Houston Texas Physician Gets 70 Month Prison Sentence For Fraud Conviction
- Euless Healthcare Corporation Owner, Associates Face Conspiracy And Health Care Fraud Charges For Alleged Submission Of $700,000+ In Fraudulent Health Care Claims
- Former Manager 9th Employee Sentenced For Involvement In Maxim Medicare False Claims Action
- Medical Identity Theft/Fraud Convictions Highlight Need For Health Care Providers To Safeguard Health Information, Guard Against Fraud Schemes
- Detroit-Area Foot Doctor Pleads Guilty to Medicare Fraud Scheme
- Merck To Pay $950 Million To Settle Vioxx® Off-Label Marketing Charges
- Texas Medical Board Suspends Child Psychiatrist For Sexual Misconduct
- 100,000+ Primary Care Providers Signed Up To Get EHRs Regional Extension Centers
- IRS Urges Preparers to Renew PTINs for 2012
- OFCCP Proposed Increased Disability Hiring Targets, Other Tougher Government Contractor Rules another Sign Of Rising Employment Discrimination Risks
- New Guidance On Fiduciary Duties In Handling ACA Group Health Plan Premium Rebates Highlight Advisability Of Tightening Funding Terms & Fund Handling Practices To Manage Fiduciary Risks
- Mental Health Parity Guidance On Mental Health & Substance Abuse Copays, Utilization Management Limits Released
- Mental Health Parity Guidance On Mental Health & Substance Abuse Copays, Utilization Management Limits Released
- Group Health Plans & Insurer To Get More Time To Meet Affordable Care Act Summary of Benefits and Coverage Requirements
- CMS Final Medicare Rule Imposes Many Conditions On Access To Medicare Claims Data To Evaluate Providers & Suppliers
- OSHA Updates Safety Resources To Prevent Construction, Other “Top 10″ Exposures
- OSHA Silo Safety Citations Heads Up To Grain Operators To Manage Safety
- OSHA Updates Safety Resources To Prevent Construction, Other “Top 10″ Exposures
- EBSA Releases Collection of New M-1 and Other Guidance Impacting Multiple Employer Welfare Plans
- New Obama Administration Affirmative Action Guidance Highlights Organization’s Need To Tighten Nondiscrimination Practices
- Incentives To Get Employee Into Wellness Education Requires Legal Risk Management
- HR Key Player In Managing Rising Risk of Disability, Other Discrimination Suits Under Obama Administration Justice Department
- HHS Chides Insurer For “Excessive” Premium Increases After Affordable Care Act Rate Audit
- IRS U-Tube Video Discusses 2012 Flexible Benefit Plan Rule Change
- Big Penalty for Lender Shows Risks of Violating Military Service or Vets Rights
- OCR 1st HIPAA Privacy, Security & Breach Notification Compliance Audits Begin
- Employers Face New Labor-Management Exposures Under Activist National Labor Relations Board
- Unions Gaining New Power From National Labor Relations Board’s New Activism
- IRS Exempts Enrolled Retirement Plan Agents From PTIN Requirement
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.
THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
©2011 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.
[1] WHD’s announcement of the planned rule notes that this draft shared December 15 remains subject to change before formally published in the Federal Register
slphealthcareupdate.com 