Don’t let your clients get caught paying a “big” settlement for failing to report a HIPAA breach! For the first time, the Office of Civil Rights (OCR) has announced a HIPAA settlement with a provider who failed to provide a timely breach report. Presence Health, a health network serving Illinois with approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities, has been ordered to pay a $475,000 HIPAA settlement and being directed to implement a corrective action plan because it failed to report a breach in a timely manner.
We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
$1.55 Million Settlement focuses on HIPAA requiring Business Associate Agreements
The HIPAA Final Rule has been in effect since 2013, but HIPAA settlements following breaches continue to be reported. If you think the need for a risk analysis under HIPAA is not important, think again! On December 14, 2015, the Department of Health and Human Services (HHS) announced another $750,000 HIPAA settlement with the University of Washington Medicine (UWM). This settlement not only involves a payment of $750,000 but also requires a corrective action plan and annual reports to the Office for Civil Rights (OCR) on UWM’s compliance efforts. The settlement follows an OCR investigation after UWM reported a breach of electronic protected health information (ePHI) involving approximately 90,000 individuals after an employee downloaded an email attachment containing malicious malware. As a result, UWM’s IT system involving 76,000 patients names, medical record numbers, dates of service, and/or charges or bill balances as well as approximately 15,000 patients’ names, medical record numbers, and other demographics were compromised.
Anti-Kickback Update - HHS-OIG Settles Ambulance Swapping Case $3 Million Settlement from Nursing Home in Ambulance Swapping Case
Demonstrating the government’s commitment to combat health care fraud and keeping providers accountable, the U.S. Attorney’s office of Southern District announced that Regent Management Services L.P., a long term provider, agreed to pay approximately $3.199 Million to settle allegations that it received kickbacks from ambulance companies for referrals of Regent’s Medicare and Medicaid patients needing transport in exchange for free or reduced transport costs for its other patients from those ambulance companies.
The Department of Justice (DOJ) announced a settlement for claims of substandard nursing care and medically unnecessary rehabilitation therapy wherein Extendicare will pay $38 million to settle False Claims Act allegations. Rehabilitation services have been a frequent target for DOJ investigation and settlement of alleged overpayments. Once again, DOJ brings closure to an investigation of an initiative from the Health Care Fraud Prevention and Enforcement Action Team (HEAT). In addition to HEAT, this settlement arose from an investigation related to the Justice Department’s Elder Justice initiative, which coordinates the Office of Inspector General (OIG) efforts to combat elder abuse, neglect and financial exploitation.