Earlier this week, the University of Texas MD Anderson Cancer Center was ordered to pay a staggering $4,348,000.00 in order to resolve HIPAA violations from data breaches occurring in 2011, 2012, and 2013.The extremity of the penalties is explained by the fact that the data breaches were completely preventable. Generally, covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA) are required to ensure confidentiality, integrity, and availability of all electronic protected health information (ePHI) that is created, received, maintained, or transmitted, and protect that information from reasonably anticipated threats and impermissible uses.
We provide insights and analysis for physicians, nurses, chiropractors, dentists, physical therapists and other health professionals on issues impacting their practices.
From the inception of an initial pleading until the final word of closing arguments, attorneys constantly assess, reassess, and re-reassess the “value” of their case based on each new piece of information that is introduced. While the term “value” can have any number of meanings (final ownership of a patent, full custody of a child, etc.), attorneys on both sides of a medical malpractice case assess value based on monetary damages.
The Missouri Supreme Court approved two completely new jury instructions for civil cases that require the immediate attention of Missouri civil litigators, becoming effective July 1, 2017. Rules E1.00 and E1.01 allow the Court to read an Early Case Summary to the jury before the beginning of voir dire. The instruction is not mandatory, but left to the discretion of the trial judge. These Early Case Summaries will include a brief description of the case, the plaintiff’s claims and the defendant’s defenses, the appropriate burden of proof instruction and boilerplate instructions to be included in the final instruction packet (i.e. the definition of negligence instruction).
Ever wonder if the Office of Civil Rights (“OCR”) is serious about the requirements for a HIPAA Security risk analysis and policy specific to removing hardware and electronic media containing ePHI from a covered entity’s facility? Yes, the OCR is extremely serious about those requirements as Cancer Care Group, P.C. (“Cancer Care”), a radiation oncology private practice, with 13 radiation oncologists discovered after reporting a breach of ePHI.
The Affordable Care Act (PPACA) expanded the False Claims Act (FCA) to require providers to report and return any overpayment within 60 days of identification. Just what “identification” means under this rule has been unclear until now. With the SDNY’s recent ruling in Kane v. Healthfirst, Inc., No. 1:11-cv-02325-ER (SDNY Aug. 3, 2015), there is now guidance. The Kane decision, a whistleblower/false claims case, clarifies what constitutes “identification” for purposes of triggering FCA liability related to the 60 day rule to report overpayments.