Skip to Content

Long Term Care & Senior Living Blog

We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.

Long Term Care & Senior Living Blog
September 18, 2014

Covered Entity Alert - HIPAA BAA Compliance Deadline is 9-23-14

The Omnibus Final Rule (Final Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was issued in January 2013 and became effective on March 26, 2013 with a general compliance date of September 23, 2013. However, Covered Entities were given additional time to get their pre-Final Rule Business Associate Agreements (BAAs) in compliance. That compliance deadline is fast approaching on September 23, 2014.

Long Term Care & Senior Living Blog
June 23, 2014

Happy HIPAA Monday - $800,000 Reason to Take HIPAA Seriously

Today, the HHS Press office released notice of a settlement of $800,000 with Parkview Health System, Inc. (Parkview) for potential HIPAA violations. This settlement relates to a complaint going back to September 2008, when Parkview received between 5,000-8,000 patient records from a retiring physician. Parkview received the medical records as part of the physician’s transition to retirement, while Parkview decided whether to purchase some of the physician’s practice.

Long Term Care & Senior Living Blog
June 10, 2014

PHI + Home Computers = Possible Breach

Hershey Medical Center announced that it will notify 1,801 patients of a data breach. This privacy breach arose out of an employee’s action, which involved taking data home on a removable storage device to work on a personal computer at home after hours. The employee then used his personal email to send updated data to doctors at the medical center. Because the employee worked with the data on devices and systems without the safeguards and controls of the workplace, the medical center could not rule out the possibility of unauthorized access of the information. While Hershey Medical Center did not believe an unauthorized person accessed the information, it felt it needed to notify the patients.

Long Term Care & Senior Living Blog
January 3, 2014

Dermatology Practice Settles Potential HIPAA Violations

Adult & Pediatric Dermatology, P.C., of Concord, Mass., (APDerm) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).