Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Historic Moment: Husband Reports Wife’s HIPAA Violation Triggering Six Figure Penalty Against Employer

Posted in Covered Entities, HIPAA, Privacy, Security

For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a provider of respiratory care, infusion therapy, and medical equipment to in-home patients, is required to pay a $239,800 CMP for failure to safeguard its patients’ protected health information (“PHI”) in violation of HIPAA. A U.S. Department of Health and Human Services administrative law judge has upheld the imposition of the CMP and granted summary judgment to OCR on all issues. Continue Reading

Celebrate Data Privacy Day with us on January 28!

Posted in Privacy, Security

Celebrate Data Privacy Day with us on January 28! Join Philadelphia’s IAPP at 1 Tippling Place, 2006 Chestnut Street from 5:30 until 7:30 for a causal networking event that is open to the public.

Hosted by: Erica Woebse, CIPP/US, CIPP/G Associate – Obermayer Rebmann Maxwell & Hippel LLP

False Claims about Encryption Cost an Arm, a Leg, and a Tooth

Posted in FTC, HIPAA, Security

Earlier this month, Henry Schein Practice Solutions, Inc. (“Schein”), a provider of office management software to dental practices, learned the hard way that exaggerating the capabilities of its products can be very costly. On January 5, 2016, Schein agreed to pay the Federal Trade Commission (the “FTC”) $250,000 to settle claims that it falsely advertised the level of encryption its Dentrix G5 software used to protect patient data. Continue Reading

Traveling for Medical Care — The Increasing Popularity of Medical Tourism

Posted in Guest Contributor, Medical Tourism, Trends
Philip Nimoityn, M.D.

Philip Nimoityn, M.D.

Medical tourism is the term used to describe the movement of patients across international borders in pursuit of medical care and treatment. While in the United States the term is usually associated with Americans leaving the country in search of low-cost treatments — particularly cosmetic surgery, dental care, fertility treatments, and heart surgery — the term also refers to international patients who travel to the United States for care. Generally speaking, international patients who travel to the United States seek access to medical procedures that are either not available in their countries of origin or have better patient outcomes in the United States.

In the medical tourism industry, prestigious hospitals (like the Mayo and Cleveland Clinics) are known for their treatment of international patients. Many of these hospitals have specific services catering to international patients, such as airport pick-up and drop-off, hotel shuttles, translators, and traveling planning assistance. These services are intended to facilitate the medical tourism process and combat the difficulties international patients may encounter, including obtaining a visa or overcoming cultural barriers like language differences. Continue Reading

Looking Ahead to 2016 and Beyond: Could the Precision Medical Initiative Revolutionize the Way Patients Receive Medical Treatment?

Posted in HIPAA, Technology, Trends

The Precision Medicine Initiative (“PMI”) was officially unveiled in President Obama’s January 2015 State of the Union address. Precision medicine is an emerging approach for disease prevention and treatment that considers an individual’s genes, environment, and lifestyle. The hope is that PMI will usher in a new era of medicine in which researchers, providers, and patients work together to develop and implement individualized patient care.

Precision medicine, or “personalized medicine” as it was previously called, has been around for a number of years. In 2008, a report to President Bush recommended public policy initiatives for the development of tools and technologies and regulations and reimbursement for genomics-based diagnostic testing. A 2010 report by the President’s Counsel of Advisors on Science and Technology expanded upon the potential value of federal initiatives to standardize and extend the use of electronic health records and health information exchange to facilitate the delivery of patient-specific data to physicians and patients. Continue Reading

Are Wearable Devices a Privacy Nightmare?

Posted in Privacy, Security, Technology

iStock_000059459008_SmallWearable devices, such as fitness trackers and smart watches, have taken the United States technology industry by storm. In the past three years, there has been a 500% increase in the number of fitness bands and activity trackers sold. The research firm Market and Market predicts that the industry will continue to grow at unprecedented rates and will reach $11.61 billion by the end of 2020. However, there are divisive legal issues associated with the rapid growth and increasing popularity of these wearable devices. Questions concerning how to protect the data collected from these devices and how to ensure that the data is only being used for authorized purposes have plagued the industry. Continue Reading

Government Opposes Health Care Merger Between Penn State Hershey and PinnacleHealth Citing Potential for Reduced Competition and Increased Prices

Posted in FTC, Guest Contributor, Mergers
Emily Hart

Emily Hart

This week, the Federal Trade Commission (“FTC”) and the Pennsylvania Office of the Attorney General (“Attorney General”) publicly opposed the anticipated merger between Penn State Hershey Medical Center (“Penn State Hershey”) and PinnacleHealth System (“PinnacleHealth”). This partnership would be one of the biggest health care mergers Central Pennsylvania has ever experienced.

The FTC and Attorney General allege that the proposed merger between two of the largest hospital systems in Central Pennsylvania would “substantially reduce competition” and “lead to reduced quality and higher health care costs for the area’s employers and residents.” The FTC determined that the health systems combined would control approximately 64 percent of the relevant market for general acute care inpatient hospital services within Dauphin, Cumberland, Perry, and Lebanon Counties. In a press release issued earlier this week, the FTC stated it would jointly file a complaint with the Attorney General in federal court to request a preliminary injunction, pending trial. An administrative trial in the U.S. District Court for the Middle District of Pennsylvania is scheduled for May 17, 2016. Continue Reading

High Cost of HIPAA Violations Demonstrated in $3.5 Million Settlement

Posted in Business Associates, Covered Entities, HIPAA, HITECH, Privacy, Security

Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement with the Department of Health and Human Services Office of Civil Rights (“OCR”) (“Resolution Agreement”). The Resolution Agreement settled all potential liabilities related to potential and actual breaches of unsecured protected health information (“PHI”) dating back to 2010. Continue Reading

Hospital’s Turkey Dinner Is $850,000 Fine for Failure to Secure Mobile Medical Devices

Posted in HIPAA, HITECH, Prescription Drugs and Medical Devices, Privacy, Security

Just before Thanksgiving, Lahey Hospital and Medical Center (“Lahey”), a non-profit teaching hospital located in Burlington, Massachusetts, agreed to pay $850,000 for a breach of unsecured electronic protected health information (“ePHI”). Lahey will also be required to implement a corrective action plan.

The breach occurred in 2011 when an unencrypted laptop was stolen from an unlocked treatment room. The laptop, which was used in connection with a portable CT scanner, contained the protected health information (“PHI”) of approximately 599 individuals.

OCR opened an investigation and identified several specific areas in which Lahey was lacking in HIPAA compliance, including the following: Continue Reading

Final Rule Issued: Stark Law Modifications Designed to Ease the Burden of Compliance

Posted in Regulations, Stark Law

On October 30, 2015, the Centers for Medicare and Medicaid (“CMS”) issued a final regulation that includes modifications to the Stark Law (the “Final Rule”). Among other things, the Final Rule adds two new exceptions to the Stark Law’s prohibited referrals and clarifies regulatory definitions and requirements. These new regulations were published in the Federal Register on November 16, 2015. The majority of these changes will go into effect on January 1, 2016. Continue Reading