Another HIPAA Settlement - $1.55 Million Following Unencrypted Laptop Theft
$1.55 Million Settlement focuses on HIPAA requiring Business Associate Agreements
We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
$1.55 Million Settlement focuses on HIPAA requiring Business Associate Agreements
The Department of Justice (DOJ) announced a settlement for claims of substandard nursing care and medically unnecessary rehabilitation therapy wherein Extendicare will pay $38 million to settle False Claims Act allegations. Rehabilitation services have been a frequent target for DOJ investigation and settlement of alleged overpayments. Once again, DOJ brings closure to an investigation of an initiative from the Health Care Fraud Prevention and Enforcement Action Team (HEAT). In addition to HEAT, this settlement arose from an investigation related to the Justice Department’s Elder Justice initiative, which coordinates the Office of Inspector General (OIG) efforts to combat elder abuse, neglect and financial exploitation.
The Omnibus Final Rule (Final Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was issued in January 2013 and became effective on March 26, 2013 with a general compliance date of September 23, 2013. However, Covered Entities were given additional time to get their pre-Final Rule Business Associate Agreements (BAAs) in compliance. That compliance deadline is fast approaching on September 23, 2014.
Cedars-Sinai Medical Center in LA reported a stolen employee laptop containing patient protected health information as well as social security numbers and other personal information of at least 500 patients. While the hospital has encryption policies, this laptop lacked encryption after a recent operating system upgrade. The hospital will mail letters this week to potentially affected patients and has notified all relevant regulatory agencies, but the situation underlines the importance of adequately protected patient information.
False Claims Act (FCA) allegations are serious business. Anti-Kickback Statute prohibits offering, paying, soliciting or receiving remuneration to induce referrals of items or services covered by Medicare, Medicaid and other federally funded programs. Omnicare learned the hard way just how serious FCA actions can be when a whistleblower made allegations against it.