Advocate Health Care Network, the largest fully-integrated health care system in Illinois, agreed to the largest HIPAA Settlement to be paid by a single entity for potential penalties in the amount of $5.55M. The alleged long term non-compliance resulting in this settlement included four failures to comply with HIPAA including: failure to adequately conduct risk assessments, failure to limit physical access to ePHI, failure to obtain Business Associate Agreements, andfailure to safeguard an unencrypted laptop from an unlocked car overnight.
We offer updates on national on regional issues such as malpractice defense, regulatory compliance, labor and employment issues and estate planning.
The Justice Department announced that St. James Healthcare, a hospital in Butte, Montana, and its parent, Sisters of Charity of Leavenworth Health System, based in Denver, CO, agreed to resolve allegations of violations of the Anti-Kickback Statute, the Stark Law and the False Claims Act by improperly providing financial benefits to physicians and physician groups that made referrals to the hospital.
Adult & Pediatric Dermatology, P.C., of Concord, Mass., (APDerm) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules with the Department of Health and Human Services, agreeing to a $150,000 payment. APDerm will also be required to implement a corrective action plan to correct deficiencies in its HIPAA compliance program. APDerm is a private practice that delivers dermatology services in four locations in Massachusetts and two in New Hampshire. This case marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).