Skip to content

Physician Law Blog

We provide insights and analysis for physicians, nurses, chiropractors, dentists, physical therapists and other health professionals on issues impacting their practices.

Physician Law Blog
July 13, 2015

Happy HIPAA Times - Medical Center Settles with the OCR for Use Of Internet-Based Document Sharing

The OCR announced a settlement of $218,400 along with adoption of a robust plan of correction with St. Elizabeth’s Medical Center (SEMC) of Brighton, MA for alleged HIPAA violations. Before the settlement, SEMC had two different events leading up to it entering the resolution agreement with HHS. The first allegation involved a complaint to the OCR that employees were using an internet-based document sharing application to store ePHI without analyzing the associated security risks, exposing at least 498 individuals’ ePHI.

Physician Law Blog
June 28, 2015

Learning the Hard Way – Omnicare to Pay $124M False Claims Settlement

False Claims Act (FCA) allegations are serious business. Anti-Kickback Statute prohibits offering, paying, soliciting or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid and other federally funded programs. Omnicare learned the hard way just how serious FCA actions can be when a whistleblower made allegations against it.

Physician Law Blog
April 30, 2015

Happy HIPAA Thursday - Paper Records Count too!

Just ask Cornell Prescription Pharmacy about disposal of unshredded paper pharmacy records containing protected health information (PHI), and you will hear that this pharmacy paid $125,000 plus it has entered a Resolution Agreement with the OCR. Not only is this pharmacy paying a significant penalty, it will be under a corrective action plan to correct deficiencies in their HIPAA compliance program and must submit the members of their workforce to receive training on that program within 30 days of implementing the policies and procedures.

Physician Law Blog
April 23, 2014

HIPAA Update - OCR Takes Unencrypted Laptops Seriously

OCR issued an update regarding two important HIPAA settlements involving theft of unencrypted laptops. The first involved Concentra Health Systems report of a breach that an unencrypted laptop was stolen from the Springfield Missouri Physical Therapy Center. After concluding that Concentra had previously recognized its lack of encryption in multiple risk analyses, its efforts to protect patient PHI remained vulnerable due to incomplete and inconsistent encryption. As a result, Concentra agreed to pay OCR $1,725,220 to settle the violations and will be implementing a corrective action plan to remediate the findings.

Physician Law Blog
March 9, 2014

Another HIPAA Breach -  Encryption Matters

The Department of Health and Human Services' Office for Civil Rights, the division responsible for investigating HIPAA breaches, has said repeatedly encryption is one of the most basic things providers and business associates can implement to protect patient information. "Pay attention to encryption," said Susan McAndrew, deputy director for health information privacy at OCR, speaking at HIMSS14 this past month, particularly for any devices that can leave the office. "We're interested in protecting the data. You may be interested in protecting the property. We want to turn this into property losses as opposed to data losses."