For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance and Portability Act (“HIPAA”). Lincare, Inc., a provider of respiratory care, infusion therapy, and medical equipment to in-home patients, is required to pay a $239,800 CMP for failure to safeguard its patients’ protected health information (“PHI”) in violation of HIPAA. A U.S. Department of Health and Human Services administrative law judge has upheld the imposition of the CMP and granted summary judgment to OCR on all issues. Continue Reading
Celebrate Data Privacy Day with us on January 28! Join Philadelphia’s IAPP at 1 Tippling Place, 2006 Chestnut Street from 5:30 until 7:30 for a causal networking event that is open to the public.
Hosted by: Erica Woebse, CIPP/US, CIPP/G Associate – Obermayer Rebmann Maxwell & Hippel LLP
Earlier this month, Henry Schein Practice Solutions, Inc. (“Schein”), a provider of office management software to dental practices, learned the hard way that exaggerating the capabilities of its products can be very costly. On January 5, 2016, Schein agreed to pay the Federal Trade Commission (the “FTC”) $250,000 to settle claims that it falsely advertised the level of encryption its Dentrix G5 software used to protect patient data. Continue Reading
Medical tourism is the term used to describe the movement of patients across international borders in pursuit of medical care and treatment. While in the United States the term is usually associated with Americans leaving the country in search of low-cost treatments — particularly cosmetic surgery, dental care, fertility treatments, and heart surgery — the term also refers to international patients who travel to the United States for care. Generally speaking, international patients who travel to the United States seek access to medical procedures that are either not available in their countries of origin or have better patient outcomes in the United States.
In the medical tourism industry, prestigious hospitals (like the Mayo and Cleveland Clinics) are known for their treatment of international patients. Many of these hospitals have specific services catering to international patients, such as airport pick-up and drop-off, hotel shuttles, translators, and traveling planning assistance. These services are intended to facilitate the medical tourism process and combat the difficulties international patients may encounter, including obtaining a visa or overcoming cultural barriers like language differences. Continue Reading
The Precision Medicine Initiative (“PMI”) was officially unveiled in President Obama’s January 2015 State of the Union address. Precision medicine is an emerging approach for disease prevention and treatment that considers an individual’s genes, environment, and lifestyle. The hope is that PMI will usher in a new era of medicine in which researchers, providers, and patients work together to develop and implement individualized patient care.
Precision medicine, or “personalized medicine” as it was previously called, has been around for a number of years. In 2008, a report to President Bush recommended public policy initiatives for the development of tools and technologies and regulations and reimbursement for genomics-based diagnostic testing. A 2010 report by the President’s Counsel of Advisors on Science and Technology expanded upon the potential value of federal initiatives to standardize and extend the use of electronic health records and health information exchange to facilitate the delivery of patient-specific data to physicians and patients. Continue Reading
Wearable devices, such as fitness trackers and smart watches, have taken the United States technology industry by storm. In the past three years, there has been a 500% increase in the number of fitness bands and activity trackers sold. The research firm Market and Market predicts that the industry will continue to grow at unprecedented rates and will reach $11.61 billion by the end of 2020. However, there are divisive legal issues associated with the rapid growth and increasing popularity of these wearable devices. Questions concerning how to protect the data collected from these devices and how to ensure that the data is only being used for authorized purposes have plagued the industry. Continue Reading
This week, the Federal Trade Commission (“FTC”) and the Pennsylvania Office of the Attorney General (“Attorney General”) publicly opposed the anticipated merger between Penn State Hershey Medical Center (“Penn State Hershey”) and PinnacleHealth System (“PinnacleHealth”). This partnership would be one of the biggest health care mergers Central Pennsylvania has ever experienced.
The FTC and Attorney General allege that the proposed merger between two of the largest hospital systems in Central Pennsylvania would “substantially reduce competition” and “lead to reduced quality and higher health care costs for the area’s employers and residents.” The FTC determined that the health systems combined would control approximately 64 percent of the relevant market for general acute care inpatient hospital services within Dauphin, Cumberland, Perry, and Lebanon Counties. In a press release issued earlier this week, the FTC stated it would jointly file a complaint with the Attorney General in federal court to request a preliminary injunction, pending trial. An administrative trial in the U.S. District Court for the Middle District of Pennsylvania is scheduled for May 17, 2016. Continue Reading
Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement with the Department of Health and Human Services Office of Civil Rights (“OCR”) (“Resolution Agreement”). The Resolution Agreement settled all potential liabilities related to potential and actual breaches of unsecured protected health information (“PHI”) dating back to 2010. Continue Reading
Just before Thanksgiving, Lahey Hospital and Medical Center (“Lahey”), a non-profit teaching hospital located in Burlington, Massachusetts, agreed to pay $850,000 for a breach of unsecured electronic protected health information (“ePHI”). Lahey will also be required to implement a corrective action plan.
The breach occurred in 2011 when an unencrypted laptop was stolen from an unlocked treatment room. The laptop, which was used in connection with a portable CT scanner, contained the protected health information (“PHI”) of approximately 599 individuals.
OCR opened an investigation and identified several specific areas in which Lahey was lacking in HIPAA compliance, including the following: Continue Reading
On October 30, 2015, the Centers for Medicare and Medicaid (“CMS”) issued a final regulation that includes modifications to the Stark Law (the “Final Rule”). Among other things, the Final Rule adds two new exceptions to the Stark Law’s prohibited referrals and clarifies regulatory definitions and requirements. These new regulations were published in the Federal Register on November 16, 2015. The majority of these changes will go into effect on January 1, 2016. Continue Reading