LTACHs Should Revise All HIPAA Business Associate Agreements by February 17, 2010

Posted by Jason Greis on December 6, 2009 under Articles

Covered entities (i.e. LTACHs and other healthcare providers), and the business associates that assist them with the performance of functions and activities that involve access to protected health information (“PHI”), are now subject to much greater regulation of their information security practices as a result of the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). The HITECH Act was included as Title XIII of the Federal economic stimulus package, the American Recovery and Reinvestment Act of 2009 (“ARRA”), and represents the most expansive modification to the Federal privacy and security rules for health-related businesses since the 1996 enactment of HIPAA.

LTACH Medical Director and Medical Center Employees Receive Fines and Probation for HIPAA Violations

Posted by Jason Greis on December 5, 2009 under Articles

In October 2009, a Federal judge in Arkansas sentenced the medical director of an Arkansas hospital-within-hospital LTACH and an account representative and emergency unit coordinator of the host hospital to fines and probation for violating the Health Insurance Portability and Accountability Act (“HIPAA”) by unlawfully viewing a high-profile patient’s electronic medical records. (U.S. v. Holland, E.D. Ark., No. 09-cr-168, sentencing Oct. 26, 2009; U.S. v. Griffin, E.D. Ark., No. 09-cr-169, sentencing Oct. 26, 09; U.S. v. Miller, E.D. Ark., No. 09-cr-170, sentencing Oct. 26, 2009).

Federal Stimulus Bill Significantly Expands the Scope of HIPAA’s Privacy and Security Requirements

Posted by Jason Greis on February 24, 2009 under Articles

On February 17, 2009, President Barack Obama signed the American Recovery and Reinvestment Act of 2009 (the “ARRA”), commonly referred to as the federal stimulus bill. The ARRA contains several provisions — intended to promote the use of health information technology — that would significantly expand the scope of the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These changes, summarized below, include:

Red Flag Rules Deadline Extended: 1) Which Health Care Providers Must Comply, and 2) Requirements for Health Care Providers

Posted by Jason Greis on under Articles

On October 22, the FTC announced that enforcement of its Identity Theft Red Flag Rules, originally scheduled to begin November 1, 2008, will now be delayed until May 1, 2009. The reason for the delay is that many entities, including health care providers, have been uncertain or even unaware of their coverage under the Rules until this point. The extension will allow covered entities more time to comply with the mandate to create and implement a written identity theft prevention program. The FTC is also planning to provide additional guidance as to the Rules themselves and to which entities the Rules apply, but no date has been provided for this guidance.