Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

IS YOUR MOBILE HEALTH APP HIPAA COMPLIANT?

Posted in HIPAA, Privacy, Technology

Mobile health apps (also known as mHealth apps) are increasingly popular with consumers. As of 2014, there were more than 100,000 mobile health apps available on iOS and Android platforms, and total revenue from mobile health apps is expected to increase to $26 billion by the end of 2017, according to a research2guidance report. Mobile health apps have the potential to revolutionize the health care industry by engaging patients in their health care and facilitating communications between patients and their physicians. However, there are many privacy and security risks associated with their use. Continue Reading

News from the Health Law Gurus™: Week of January 11, 2015

Posted in Affordable Care Act (ACA), Business Associates, Covered Entities, HIPAA, Legislation, Privacy, Uncategorized

News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories.

Top Five Resolutions for Covered Entities and Business Associates in 2015 – The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).  See the list of our suggested top five resolutions for covered entities and business associates in 2015 by reading our full blog post here. Continue Reading

TOP FIVE RESOLUTIONS FOR COVERED ENTITIES AND BUSINESS ASSOCIATES IN 2015

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA

HiResThe New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability Act (“HIPAA”).  

HIPAA requires entities that create, receive, maintain, or transmit protected health information (“PHI”) to protect that PHI from unauthorized access, use, or disclosure. Entities that must comply with HIPAA include covered entities (defined as health care providers, health plans, and health care clearinghouses) and business associates (entities that perform services on behalf of a covered entity and handle PHI on behalf of that covered entity). Continue Reading

News from the Health Law Gurus™: Week of December 14, 2014

Posted in HIPAA, Marketplace/Exchanges, News from the Health Law Gurus, Technology

Patient Medical Records Stolen from New Jersey Storage Facility – Tribeca Medical Center is notifying patients that their protected health information may be compromised. According to a privacy notice posted on Tribeca Medical Center’s website, patient records were stolen from a locked storage facility in Jersey City, New Jersey on October 21, 2014. Unidentified individuals cut door latches to enter the facility, and they stole boxes of medical records. The records included patient names, addresses, telephone numbers, social security numbers, dates of birth, gender designation, insurance information, billing information, medical diagnoses, treatment records, laboratory and test results, and pharmacy/medication records. The theft was immediately reported to the Jersey City Police Department. To read the entire privacy notice, click here. Continue Reading

Anchorage Community Mental Health Services to Pay $125,000 in Newest HIPAA Settlement: Covered Entities and Business Associates Must Update Unpatched and Unsupported Software, Says OCR

Posted in Compliance Issues, HIPAA

Anchorage Community Mental Health Services, Inc. (“ACMHS”) will pay $125,000 to the United States Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”). The settlement arises from a breach of unsecured electronic protected health information (“PHI”) due to malware that compromised the security of ACMHS’s information technology resources. Over 2,700 individuals were affected by the breach. ACMHS provides behavioral health care services to children, adults, and families in Anchorage, Alaska. Continue Reading

CMS Issues Proposed Rule Addressing Changes to Medicare Shared Savings Program

Posted in Affordable Care Act (ACA), Regulations

The Centers for Medicare and Medicaid Services (“CMS”) issued a proposed rule (the “Proposed Rule”) on December 1, 2014 regarding certain changes to the Medicare Shared Savings Program (the “Program”). The Proposed Rule, spanning 429 pages, discusses proposed changes to various aspects of the Program such as beneficiary assignment, data sharing, available risk models, eligibility requirements, participation agreement renewals, and compliance and monitoring. Continue Reading

News from the Health Law Gurus™: Week of November 9, 2014

Posted in Affordable Care Act (ACA), HIPAA, News from the Health Law Gurus

News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories.

HIPAA in the Time of Ebola – Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical preparations underway, covered entities and business associates must also continue to be aware of the protections in place that limit the uses and disclosures of a patient’s protected health information (“PHI”), even in an emergency situation. The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), recently released a bulletin to provide guidance to covered entities and business associates about the ways in which PHI may be shared in an emergency under the HIPAA Privacy Rule. As the OCR emphasizes in its bulletin, the “protections of the Privacy Rule are not set aside during an emergency.” To read our full blog post, click here.   Continue Reading

HIPAA in the Time of Ebola

Posted in Business Associates, Compliance Issues, HIPAA, Privacy, Regulations, Trends

Ebola has recently been the source of much concern, and health care providers and hospitals are taking steps to prepare themselves for the possibility of treating patients with Ebola. In addition to all of the medical preparations underway, covered entities and business associates must also continue to be aware of the protections in place that limit the uses and disclosures of a patient’s protected health information (“PHI”), even in an emergency situation. The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), recently released a bulletin to provide guidance to covered entities and business associates about the ways in which PHI may be shared in an emergency under the HIPAA Privacy Rule. As the OCR emphasizes in its bulletin, the “protections of the Privacy Rule are not set aside during an emergency.” Continue Reading

No Kidding: Overseas Medical Tourism Is Well Worth Trip

Posted in Medical Tourism, Trends
Renée-Marie Stephano, J.D.

Renée-Marie Stephano, J.D.

Surgery was on his bucket list, but Bruce Ryan didn’t want to wait until he retired to repair his debilitating and painful rotator cuff injury. The 59-year-old construction manager could have traveled the six hours to Stanford Medical Center – considered one of the top facilities in the United States. He had other reservations, instead.

“No, we went to France – to Toulouse, France – and did it,” said Ryan, chuckling at the thought. “It was great.”

All kidding aside, the American patient didn’t have to pay a dime for his medical tourism surgery in France – even $7,000 worth of deductibles and co-pays were waived – plus, he got to tour the Pyrenees Mountains, take in the local art scene, and sample baguettes, chateaux, truffles and other French indulgences. Continue Reading