As a helpful reminder, clients need to be aware that the March 1, 2017 deadline for reporting 2016 HIPAA breaches is fast approaching. March 1, 2017 is the Deadline for Reporting 2016 HIPAA Breaches Affecting Fewer than 500 Individuals by Covered Entities to the OCR. Click here for a link to the OCR portal to file year end breach reports. Each year, covered entities are required to file a report within 60 days of year end if the covered entity experienced a breach during the prior year affecting fewer than 500 individuals.
We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
Don’t let your clients get caught paying a “big” settlement for failing to report a HIPAA breach! For the first time, the Office of Civil Rights (OCR) has announced a HIPAA settlement with a provider who failed to provide a timely breach report. Presence Health, a health network serving Illinois with approximately 150 locations, including 11 hospitals and 27 long-term care and senior living facilities, has been ordered to pay a $475,000 HIPAA settlement and being directed to implement a corrective action plan because it failed to report a breach in a timely manner.
Following recent natural disasters, such as Hurricane Sandy or episodes of serious flooding; the Centers for Medicare and Medicaid Services (CMS) published a Final Rule to help Medicaid & Medicare providers and suppliers plan for natural and man-made disasters. The new regulations provide consistent emergency preparedness requirements with a goal of enhancing patient safety during emergencies and a coordinated and defined response to disasters.
In light of concerns that patient photographs are showing up on social media networks and other multimedia messaging, CMS issued guidance to State Survey Agency Directors. S&C: 16-33-NH dated August 5, 2016, effective immediately, addresses the need for nursing homes to protect residents’ privacy. CMS stresses the importance to recognize each resident’s sense of self-worth and to create a respectful environment.
On June 29, 2016, the Office of Civil Rights (OCR) announced a Resolution Agreement it entered with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) a business associate of six nursing homes. This Resolution Agreement included a monetary payment of $650,000 and a Corrective Action Plan (CAP). The CAP requires CHCS to conduct a risk analysis and risk management, to develop and maintain written policies and procedures as well as to train all members of the CHCS workforce with access to ePHI within 60 days of the CAP in compliance with HIPAA, and to submit annual reports and attestation of CHCS’ compliance with the CAP for two years following the execution date of the Resolution Agreement.