Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Protected Health Information: Providers Must Proceed with Caution

Posted in HIPAA, Medical Records, Mental Health Procedures Act, Pennsylvania, Privacy, Security
Rebecca L. Warren, Esq.

Rebecca L. Warren, Esq.

Medical records are a powerful weapon in the courtroom. They may reveal the extent of an individual’s injury in a personal injury case or substantiate the severity of an individual’s mental illness when that mental illness is being used as a defense. However, while using medical records in litigation can be a dream come true for litigators, it can be a nightmare for health care providers (“Providers”). Upon receiving a subpoena or other document requesting access to medical records, a Provider must determine whether he or she is required to release medical information or is prohibited from doing so under state and federal law. If a Provider improperly releases information, the penalty could be a hefty fine.

The Health Information Portability and Accountability Act (“HIPAA”) and its implementing regulations place constraints on the release of an individual’s protected health information (“PHI”) by Providers to litigants. 45 C.F.R. 164.512(e). Under HIPAA, there are four methods to obtain access to medical records for the purposes of judicial and administrative proceedings. Each of these methods is more fully explained below: Continue Reading

Breach of ePHI Results in $2.7 Million Fine

Posted in Business Associates, Covered Entities, HIPAA, Security

Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). OHSU must also comply with a three-year corrective action plan.

OCR began an investigation of OHSU’s compliance with HIPAA after OCR received notice from OHSU in 2013 that (i) an OHSU laptop computer was stolen resulting in a breach of unsecured electronic protected health information (“ePHI”), and (ii) OHSU stored ePHI with an internet-service provider without a business associate agreement, which is required under HIPAA. Continue Reading

Ask the Health Law Gurus™: Can a Prison Forcibly Medicate an Inmate with a Psychotropic Drug against the Inmate’s Will?

Posted in Behavioral Health, Pennsylvania

Prison guard with keys walking outside cellQuestion: Can a Pennsylvania prison forcibly administer a psychotropic medication to an inmate against the inmate’s will?

Answer: In Pennsylvania, a prison’s ability to forcibly medicate an inmate with a psychotropic drug depends upon the circumstances and whether the circumstances constitute an extreme emergency. However, in the majority of cases, prisons must follow a formal procedure before medication can be administered against an inmate’s will. Continue Reading

Ask the Health Law Gurus™: What is a Non-Compete Clause in an Employment Contract? Is it Enforceable?

Posted in Ask the Health Law Gurus™

Question: I have heard about non-compete clauses being negotiated in employment agreements with physicians. What is a non-compete clause? What does it mean if my contract has a non-compete clause? Continue Reading

False Claims Act Penalties Moving Full Steam Ahead

Posted in False Claims Act

steam trainBy August 1, 2016, all federal agencies must adjust their civil monetary penalties, including penalties required by the False Claims Act (“FCA”), to account for inflation. Last month, the Railroad Retirement Board, which occasionally has FCA cases, became the first agency to adjust its penalties. These adjustments are in response to Congress’s Bipartisan Budget Act of 2015 (“Act”), which requires federal agencies to update their civil monetary penalties to account for inflation, including a cost-of-living adjustment percentage. Under the new rule, FCA penalties will increase from $5,500 to $10,781, with maximum per-claim penalties increasing from $11,000 to $21,563. Continue Reading

Big Risks, Big Rewards: Big Data in Health Care

Posted in Big Data, Technology, Trends


The Health Law Department at Obermayer Rebmann Maxwell & Hippel LLP invites you to “Big Risks, Big Rewards: Big Data in Health Care,” an exciting presentation about big data and how to harness the power of big data in the health care industry. Continue Reading

Spring Showers Bring HIPAA Breaches

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security

Spring ShowersOCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million dollars and illustrate a range of mistakes that health care providers make with respect to their HIPAA compliance. This post briefly summarizes OCR’s findings with respect to each settlement agreement. Based on OCR’s findings, the Health Law Gurus provide steps that your organization can take to reduce its risk of a HIPAA breach.

Physical Therapy Provider – Impermissible Disclosure of PHI

Complete P.T., Pool & Land Physical Therapy, Inc. (“PT”), a physical therapy practice located in Los Angeles, agreed to pay $25,000 and enter into a corrective action plan as a result of an impermissible disclosure of protected health information (“PHI”). PT posted patient testimonials on its website without obtaining valid authorizations as required by HIPAA. The patient authorizations included full names and full facial images of the patients. OCR discovered through its investigation that PT had not reasonably safeguarded PHI, had disclosed PHI without valid HIPAA authorizations, and had failed to implement policies and procedures for PHI regarding authorization. Continue Reading

SOS Answered: New Guidance on HIPAA for App Developers

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA, Technology, Trends

iStock_000057181060_SmallAmidst criticism that the Health Insurance Portability and Accountability Act (“HIPAA”) lags behind technological innovation, the Office for Civil Rights (“OCR”) released new guidance to aid app developers in determining how HIPAA may apply to the products they are building and developing. OCR explained that the guidance is intended to “reduce some of the uncertainty that can be a barrier to innovation.”

OCR’s guidance walks through how an app developer could be required to comply with HIPAA. The guidance explains that app developers who work for a covered entity (meaning a health plan, a health care clearinghouse, or health care providers) and, as part of their jobs, are developing an app that involves the use or disclosure of protected health information (“PHI”) are covered by HIPAA. The guidance explains that HIPAA also covers app developers who are business associates of covered entities if they are creating or offering an app on behalf of a covered entity or one of the covered entities’ contractors. Continue Reading

Dialing in on Health Care Delivery Through Telemedicine

Posted in Guest Contributor, Technology, Telemedicine
Joel Ascher, M.D., MBA

Joel Ascher, M.D., MBA

With the implementation of the Affordable Care Act, millions of newly insured patients have entered the health care market, bringing attention to the need for expanded access to services. Meanwhile, rapid advancements in the use of high-speed data transmission have paved the way toward using Internet technology to alleviate this problem, while addressing numerous inefficiencies which exist under traditional models of health care delivery. Telemedicine, “the remote diagnosis and treatment of patients by means of telecommunications technology,” has become an area of vast potential in facilitating timely access to primary care and specialist consultations. Continue Reading

Ask the Health Law Gurus™: What Is a Civil Monetary Penalty and How Is It Different from an OCR Settlement?

Posted in Ask the Health Law Gurus™, Business Associates, Covered Entities, HIPAA, Privacy, Security

judge gavel and old law booksThe Health Law Gurus™ are here to help you stay current on issues and breaking news in health law. To help you stay up-to-date, we are excited to announce our new segment, “Ask the Health Law Gurus™.” Each month, we will select a reader’s question and answer it here, on the Health Law Gurus™ blog.

In response to our last blog post, “Historic Moment: Husband Reports Wife’s HIPAA Violation Triggering Six Figure Penalty Against Employer,” we received a question about civil monetary penalties. We address the question below.

QUESTION:  What is a civil monetary penalty (“CMP”), and how is it different from a settlement with the Office for Civil Rights (“OCR”) for a violation of the Health Insurance Portability and Accountability Act (“HIPAA”)? Continue Reading