Tag Archives: HITECH

OCR Issues Fact Sheet Listing Circumstances in which Business Associates May Face Direct Liability for HIPAA Violations

In a development that may – understandably – have been overlooked by many heading into Memorial Day weekend, on May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Fact Sheet on Direct Liability of Business Associates under the Health Insurance Portability and Accountability Act (HIPAA). … Continue Reading

HHS Exercises Discretion to Reduce Maximum Annual Civil Money Penalties for Certain HIPAA Violations

On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. In the Notice, HHS announces that it has revisited its prior interpretation of the standards for assessment of CMPs under the HITECH Act, and is exercising … Continue Reading

Ciox Health, LLC Initiates Lawsuit against the Department of Health and Human Services Over Medical Records Request Fees under HIPAA and HITECH

On January 8, 2018, Ciox Health, LLC (Ciox) filed a complaint against the Department of Health and Human Services (HHS) and then-acting Secretary Eric D. Hargan, alleging that the Department’s rules and guidance, under HIPAA and HITECH, “impose[] tremendous financial and regulatory burdens on health care providers and threatens to upend the medical-records industry that … Continue Reading

Deadline for reporting 2015 data breaches to OCR quickly approaching

Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60 days after the end of the calendar year. To be safe, covered entities may wish to complete their online reporting … Continue Reading

Seventh Circuit rules hospital system is not a Consumer Reporting Agency under FCRA

Is a hospital a “consumer reporting agency”?  Can a health care provider be liable under the Fair Credit Reporting Act (FCRA) in the event of a data breach?  The Seventh Circuit Court of Appeals recently considered these significant questions in the case of Tierney v. Advocate Health & Hosps. Corp. (7th Cir., No. 14-3168, August 10, … Continue Reading

Hospital CFO Must Pay $4.4 Million For Falsely Attesting To Meaningful Use

The Health Information Technology for Economic and Clinical Health Act, adopted in 2009, pumped billions of dollars into hospitals and physicians (through the Centers for Medicare and Medicaid) in order to stimulate them to adopt electronic health records. To receive the economic incentives, hospitals and physicians had to “attest” to using electronic health records in … Continue Reading

HHS/Office of the National Coordinator issues report that health information sharing is being blocked to gain a competitive edge

In a scathing report released last Friday, the Department of Health and Human Services Office of the National Coordinator (ONC) accused hospitals and software vendors of preventing the sharing of health information in order for hospitals to prevent patients from being referred to or seeking treatment at nonaffiliated providers and electronic medical record vendors to … Continue Reading
LexBlog