Advocate Health Care Network, the largest fully-integrated health care system in Illinois, agreed to the largest HIPAA Settlement to be paid by a single entity for potential penalties in the amount of $5.55M. The alleged long term non-compliance resulting in this settlement included four failures to comply with HIPAA including: failure to adequately conduct risk assessments, failure to limit physical access to ePHI, failure to obtain Business Associate Agreements, andfailure to safeguard an unencrypted laptop from an unlocked car overnight.
We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
Next time you wonder how serious the government is about anti-kickback law, think about the latest False Claims Act settlement of $30 Million. This settlement was part of the government’s emphasis on combating health care fraud and marks another achievement for the Health Care Fraud Prevention and Enforcement Action Team (HEAT) initiative, partnering Department of Justice and Health and Human Services.
OIG, CMS release Final Rule for the Stark Exception, Anti-Kickback Safe Harbor for Electronic Health Records (EHR) Donation
While the donation of a valuable item such as an EHR program would raise fraud and abuse concerns, exemptions under Stark Law and Anti-Kickback Safe Harbor were designed to encourage the widespread implementation of EHR and to let smaller providers accept gifts of EHR software without violating the law or statute.
The Justice Department announced that St. James Healthcare, a hospital in Butte, Montana, and its parent, Sisters of Charity of Leavenworth Health System, based in Denver, CO, agreed to resolve allegations of violations of the Anti-Kickback Statute, the Stark Law and the False Claims Act by improperly providing financial benefits to physicians and physician groups that made referrals to the hospital.
Adult & Pediatric Dermatology, P.C., of Concord, Mass., (APDerm) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).